Interested in starting your own Information and Communications Technology (ICT) business? Then Get out of your comfort zone now through the Practical ICT entrepreneurship programs. People must get out of their job seeking mode. Are you ready to take Control? Take Charge! Become a Provider for the Knowledge Economy. Become a Wealth Creator in the Digital Revolution!

What should you consider in setting up and growing your ICT business? What ICT business ideas are available and viable? Which ideas are yet unborn? Or what of those that are born online? What strategies should you employ in starting up your ICT company? In particular what are the entrepreneurial fundamentals, capacities and mindsets you must develop for succeeding in IT business? What really is the difference between success and failure? What does it take to create wealth in ICT – to be profitable and sustainable?

The Entrepreneurship Requirement

By taking risks and translating ideas into business results, the entrepreneur contributes positively to economic development of the country. It’s simple. When you are an entrepreneur, you create jobs and wealth. Despite the lack of support and recognition, the economy depends on you. The entrepreneur drives change and promotes innovation in the economy. However, there is a shortage of entrepreneurs and entrepreneurship learning. Nigeria is therefore not exploiting its entrepreneurial potential. Entrepreneurship is fundamental to economic development. In order to meet national goals, achieve social inclusion and overall prosperity Nigeria needs more entrepreneurs.

The craze for white collar jobs certainly does not help. Have the white collar jobs in the banks, telcos and oil companies reduced the level of poverty in society? How many people can the banks employ? Forget the flashy stuff and focus on substance. Whether you like it or not, whether you believe it or not, it’s time for us to wake up to reality – small businesses are the real engines of growth in the economy. Interestingly, entrepreneurship is often considered a less attractive career option. We must discard that mentality. People, Please, Please, listen to the news – Job security is dead, so why don’t you create your own jobs?

Why ICT Entrepreneurship?

In view of the important role ICT plays in all aspects of our personal and business lives, the IT entrepreneur is critical to development. For example, in this era of globalization, ICT entrepreneurship allows countries like Nigeria to become producers and creators in the high value areas of the knowledge economy. ICTs are the infrastructure of the digital global economy. They are what make the global village possible. However, the majority of entrepreneurship learning programs are offered in business and economic institutions and disciplines. ICT entrepreneurial learning is required to address this state of affairs. There must be an entrepreneurship focus on areas that drive change in today’s digital world, particularly ICT.

However, entrepreneurship is not a technical matter. Neither is it just about money. Creating and running a successful requires more than technical expertise and money. Is entrepreneurship a bed of roses? Entrepreneurship refers to an individual’s creative and self confident ability to turn ideas into action in a profitable and sustainable manner. Why do some fail while others succeed? It’s important to understand the practical perspectives that last and work, as well as how to address the challenges associated with entrepreneurship in the local and global environment. Entrepreneurship is about reward and wealth creation; it is also about managing risks and challenges. So what are the major mistakes made by tech entrepreneurs? What are the Critical Success Factors of IT entrepreneurship?

Why Africa? Why Nigeria?

There is a global digital revolution but Africa is still largely underserved. We must rise above consumption to production. Nobody is coming from Mars to tap the opportunities for wealth and job creation. Crying will not make underdevelopment go away. The argument is that we cannot grow because we are underdeveloped. WHAT NONSENSE! THE CHALLENGES OF UNDERDEVELOPMENT SHOULD BE TURNED INTO OPPORTUNITIES FOR GROWTH.

Entrepreneurship is one of several strategies that must be adopted. The disease of poor leadership ravaging the African continent is no excuse for folding our arms. We say NO to the victim mentality that bows to digital slavemasters! We must refuse to be victims of globalization. And we cannot put our future and hopes on hold until authorities and leaders wake up! Entrepreneurship is an opportunity for the individual to take back some control and make a difference. Entrepreneurship creates wealth while fighting poverty, disease, hunger and other real dangers associated with underdevelopment. Through ICT entrepreneurship it is possible to achieve success by being drivers and not consumers in the global digital economy – the digital Small Giants!

It is necessary to create and promote programs to address issues of experience and lack of self-confidence that stop many from creating and growing their own businesses. Underdevelopment provides challenges that can be turned into opportunities. We cannot continue to suffer from thirst at the river bank. To get real benefit in today’s digital economy we cannot all be job seekers or consumers. There is a need to create and empower a new generation of digital entrepreneurs. ICT is the infrastructure of the digital economy. ICT is not limited by sex or geography. You simply need to be informed about ICT and have the desire and ability to create and grow your business.

We complain daily about the lack of jobs. Interview today, but no jobs, downsizing, massive layoffs, retrenchment are the songs of globalization. Globalization requires entrepreneurs. Are you ready to be a driver or a spectator in the digital revolution? Why are you content being a passenger when you can drive change? Complaining is a baby’s game. I have to laugh when people think criticizing from morning to night will attract sympathy from poverty. Don’t you?

Objectives of ICT Entrepreneurship Programs – To Create and Grow Your Profitable and Sustainable ICT Business

Such program should enable participants to:

? develop the required entrepreneurial capacities and character entrepreneurial drive – motivation and raising awareness of benefits and importance

? develop the know how to set up and grow an ICT business and an understanding of business fundamentals

? discover and develop the entrepreneurial abilities needed to identify and exploit ICT business Opportunities in the local and global environment

- Explore risk and success factors of ICT business, avoiding major mistakes of technical entrepreneurs

- be innovative and dynamic in putting information technology ideas to work – Action – where the rubber meets the road

- ensure Growth and Sustainability in ICT Entrepreneurship

Having said that,it is the duty of every Nigerian no matter your profession or where you live, to assist in whatever way he or she can to see that democracy is sustained come 2011.This is the singular reason why I have decided to write about it here.

In achieving the desired success come 2011, experts in Information and Communications Technology like Prof Charles Uwadia, President Nigeria Computer Society have strongly recommended to the government the use of e-voting machines during these elections among other tools that will help curb malpractices in elections.

Our political terrain is very peculiar and a lot has to be done to see that 2011 election is credible, our votes most count and be counted. In other to achieve this, a new power lies in the electorate, now we need to defend our votes and make them count. There is no doubt we are beginning to realize the power we have.

One tool that is gradually being used in elections whether consciously or unconsciously is the Social Media like Facebook, Twitter, Youtube, Flickr, linkedIn and related technologies such as cell phones driven by the Internet. The good thing about social media is that anybody can use it whether government, political aspirants and parties or individuals. In most cases, these media are hardly controlled because the people own it. Our President, Dr Goodluck Jonathan has a Facebook page which he uses to communicate with the people, some people may ask of what use this is. The interactivity and information this platform offers him is one he probably will not get from the traditional media.

Social media which are also regarded as the new media, citizen media or consumer generated media are designed in such a way that it becomes very easy to generate and share information, Connect with thousands of people and also mobilize them towards a particular cause through social networks. For example, Facebook has an application called Facebook Causes; this connects people with common interest, Videos from Youtube has helped different group of people and organizations promote social and political causes successfully in their society. Social media makes for openness and democratization of information like never before resulting in citizen journalism

Rob Stokes, the author of the book, eMarketing rightly defined Social media as that media (from written to visual to audio to audio visual) that are designed to be shared, easy to comment on, easy to send and no high cost associated with viewing the media. The increasing rate of growth of these modern media platform makes it impossible for them to be ignored whether as a business, society or an individual. They are in fact gradually detecting the pace of information sharing and collaboration  online and even in real world giving the traditional media a run for their money(see my article on www.techtrendsng.com titled: Emerging media:Realities and Challenges for Traditional Media).

These social networks that are created in these social media, when harnessed properly can be agents of social and political transformation in recent times. For example, in chatting social causes, Twitter through its Twestival-an event which takes place every February 12 in over 100 cities around the world bringing twitter users together to raise funds for certain charity causes. Social medium platform was used to spread the news about Haiti earthquake and also to mobilize funds for them.

Politically, social media platforms have played very vital role in changing the political tide in some countries, for example, Facebook has been credited as being instrumental to the successful election of President Barack Obama.Facebook and twitter were used to mobilize people and also raise funds that led to his win. Hear what Arianna Huffington, the editor in Chief of Huffington Post (the leading blog on the internet)said, “ were it not for the internet Barack Obama would not be President,were it not for the internet,Barack Obama would not have been the nominee”

In Uk elections 2010,Facebook played vital role in the election process through the UK democracy page on Facebook which was an avenue for people to express their opinion about their candidates and rally support for who they think should be their leader, the same platform was also used for registration of voters during the period.

Another instance where social media has played key role politically is the 2009 elections in Iran, when Ahmadinejad was declared the winner over Mousavi, that sparked up a lot of protest and the traditional media where banned from reporting the situation. It was the social media like the Facebook,twitter,Youtube,Flickr that were used in dissemination of information which attracted sympathy and interest that brought political stability in Iran.

Social media has also being playing vital role in international politics between Google and China censorship issues.

Here in Nigeria, social media platform has been used to register dissatisfaction in some government policies. One that easily comes to my mind is the Enough is Enough protest earlier in the year, the mobilization of the young people that took part in that peaceful protest was done via the social media giving credence to the fact that social media can have effect even in

Nigeria.

In all of these accounts, one thing that is clear is that the social media played vital roles though not very active roles but their effect cannot be over looked.

For us, considering our political landscape a lot needs to be done, the electorate and even INEC should be educated on the need to use these tools before, during and after the elections to make sure that our democracy is sustained. Such tools including the ones I have mentioned earlier are blogs, Google maps,SMS,MMS,mobile phones,camera,VoIP, wikipedia, mobile and computer broadcasting platform and others. The information and data from these tools can provide detailed insight when analysised.

In conclusion, we should not forget the fact that social media are just tools; it is left for us Nigerians to make the desired political move and change come 2011.

Privacy of Electronic Communications Directive (EU 2002)

This Directive repeals the Telecommunications Data Protection Directive (97/66/EC) and lays certain obligations on telecommunications companies and service providers. One of the new developments of this Directive is that it extends controls on unsolicited direct marketing to all forms of electronic communications including unsolicited commercial e-mail (UCE or Spam) and SMS to mobile telephones.

It is to be noted that the Directive applies to the processing of personal data in connection with the provision of publicly available electronic communications services in public communications networks in the Community.

A brief introduction of the salient points reveals the following in the Directives aims in ensuring fundamental human rights and freedoms particularly the right to privacy for subscribers of electronic communications:

? Security Measures

The Directive provides that communication service providers should adopt adequate security measures both from a technical and organisational point of view that are commensurate with the risks that can accrue.

With the spate of recent high profile security breaches that have occurred it is paramount that telecommunications providers implement adequate logical and physical security measures to ensure data under their control is safe from unauthorised access, which may lead to loss of privacy. It goes further to provides that users should be made aware of risks that are beyond the control of the service provider

 Confidentiality of Communications

In its attempt to maintain privacy of personal information, the directive requires service providers to ensure confidentiality of communications. This the directive states can be attained by making sure that communication over public telecommunications lines are free from interception and tapping save in the instance of lawful interception. The article also provides that where communication networks are used in the processing of data, the data subject shall be informed why this is being carried out. The data subject has a right to refuse such processing

Caller and Called Line Identification

It is to be noted that an individual’s telephone number is personal data going by the meaning given to data protection legislation. In order to protect this, the directive further provides privacy rules in relation to caller and connected line identification. Here the directive states that subscribers must be issued with the possibility of withholding the identification of their telephone numbers when making a call along with being able to reject incoming calls where the incoming caller has refused showing their number

Location Data Restrictions

Where the repealed telecommunications privacy directive only related to calls in circuit switched connections such as is found in traditional voice telephony, the new directive covers all kinds of traffic data as generated by users of mobile communication devices.
Location data is a valuable tool that can be used in the mobile phone sector to identify the location of an individual its use can be illustrated in the Danielle Jones case in the hunt for a missing child in the UK it was identified that calls purportedly from the girls phone to her uncle (later convicted for her murder) were in fact being made by her uncle from one location.

Emergency and Nuisance Calls

An exception to the privacy of caller line and location data is provided for in article 10 where the elimination of calling line identification and location data is sanctioned to trace nuisance calls and in relation to location data for it to be revealed on a temporary basis only to emergency services.

SPAM
Unsolicited mail (also known as Spam) has become a major problem; it causes loss of work productivity and also is an invasion of privacy.

The directive in recognising the harmful effects of Spam provides that there shall be no automated communication using electronic mail or faxes for the purpose of direct marketing without the consent of the data owner. The purpose of the directive in relation to SPAM is to make sure that EU member states strengthen data protection measures in relation to SPAM. The EU legislation supports the opt-in rather than the opt-out approach.

National Security

There are certain situations that may lead to events that make safeguarding privacy of communications a secondary issue. Such situations are where national security is at risk and where criminal investigations are being carried out. Where these are determined to be taking place, law enforcement agencies may on having obtained permission by appropriate bodies breach the data subjects’ right to privacy of communications in their investigations of such events. It is to be noted that the legislation also allows for data to be retained for limited periods of time during the investigation of such situations

Digital Millennium Copyright Act (US 1998)

The Digital Millennium Copyright Act, was signed into law on October 28, 1998, it amended the United States Copyright Act, Title 17 of the U.S. Code, to provide in part certain limitations on the liability of online service providers (OSPs) for copyright infringement.

The DMCA is divided into five titles:

Title I, the “WIPO Copyright and Performances and Phonograms Treaties Implementation Act of 1998,” implements the WIPO treaties.

Title II, the “Online Copyright Infringement Liability Limitation Act,” creates limitations on the liability of online service providers for copyright infringement when engaging in certain types of activities.

Title III, the “Computer Maintenance Competition Assurance Act,” creates an exemption for making a copy of a computer program by activating a computer for purposes of maintenance or repair.

Title IV contains six miscellaneous provisions, relating to the functions of the Copyright Office, distance education, the exceptions in the Copyright Act for libraries and for making ephemeral recordings, “webcasting” of sound recordings on the Internet, and the applicability of collective bargaining agreement obligations in the case of transfers of rights in motion pictures.

Title V, the “Vessel Hull Design Protection Act,” creates a new form of protection for the design of vessel hulls.

Amongst the DCMA’s salient points are the following,

Makes it a crime to circumvent anti-piracy measures built into most commercial software.

Outlaws the manufacture, sale, or distribution of code-cracking devices used to illegally copy software.

Permits the cracking of copyright protection devices to conduct encryption research, assess product interoperability, and test computer security systems.

Provides exemptions from anti-circumvention provisions for non-profit libraries, archives, and educational institutions under certain circumstances.

In general, limits Internet service providers from copyright infringement liability for simply transmitting information over the Internet.

Service providers, however, are expected to remove material from users’ web sites that appears to constitute copyright infringement.

Limits liability of non-profit institutions of higher education — when they serve as online service providers and under certain circumstances — for copyright infringement by faculty members or graduate students.

Requires that “webcasters” pay licensing fees to record companies.

Requires that the Register of Copyrights, after consultation with relevant parties, submit to Congress recommendations regarding how to promote distance education through digital technologies while “maintaining an appropriate balance between the rights of copyright owners and the needs of users.”

Subsection 512(c)of the Copyright Act provides limitations on service provider liability for storage, at the direction of a user, of copyrighted material residing on a system or network controlled or operated by or for the service provider, if, among other things, the service provider has designated an agent to receive notifications of claimed infringement by providing contact information to the Copyright Office and by posting such information on the service provider’s website in a location accessible to the public

The provision of information to the Copyright Office about the service provider’s designated agent is a condition for reliance on the limitations on liability for service providers.

As can be seen there are a number of legislations that have been enacted within the last ten years aimed at countering the growing menace of computer related crime, there has also in the same measure been a similar surge in privacy laws aimed at getting government and corporate bodies that use our personal information to implement appropriate technical and procedural measures to safeguard them.

The laws identified here are by no means the only legislations dealing with cybercrime and privacy rather; they have been identified by the author to provide a backdrop to which the Nigerian law makers can garner suggestions for bringing our laws up to date.

Nigerian Cybercrime Bills Reviewed:

This section of the article takes the form of analysing the two Draft Bills with a view to highlight the impact these will have on governments, corporate organisations and individuals. It will also emphasize areas which in the author’s opinion require review and amendment. It rounds up with a suggestion for a total revamp of the Drafts and adoption of a new cybercrime framework.

As stated at the beginning of this article two cybercrime Bills have been drafted. A critical analysis of the draft Bills highlight disparity between already highlighted global legislations.

The first draft of the Bill titled “Computer Security and Critical Infrastructure Protection Bill ” 2005 raises a number of issues. Before delving into these gaps let us look at some KEY words and their implications.

The words “Critical Infrastructure” are very significant and bring about a number of issues for debate.  The first being, how do we determine infrastructure to be critical?

There are a number of questions to ask and points to be raised before infrastructure or systems are deemed critical.

One of such issues relates to the type of data held by the infrastructure or system. We need to determine what type of data it holds and the potential impact of any change or security breach.

The effect of the Bill will mean that prior to any system being defined as critical, risk assessments on a wide range of issues, including exposure to Terrorism, Business Continuity, and Unauthorised Access will need to be undertaken to determine the impact levels against information Confidentiality, Integrity and Availability.

If these have not been undertaken and defined then it will be unwise to label any infrastructure or system as being critical.

Another question we need to ask is, are critical infrastructure the only environments the law will apply to when it is passed? Are we indeed stating that computer crime legislation is not to be applied to other areas, i.e. home users and non-critical infrastructure? It would be appropriate for the Bill to cover all environments that could be impacted by computer crime and privacy issues.

The definition of Critical Infrastructure should be outlined in the Interpretation section to avoid confusion.

In the author’s opinion, while the title of the Bill is wide the sections do not go deep enough to encompass the issues that a Computer Security Bill or a Critical Infrastructure Bill should include.

A comparative analysis between the first draft of the Bill, European and US computer crime and data protection legislations identifies a number of gaps. Notable of which are the following;

No definition of what constitutes personal data;

No identification of the right to privacy;

No definition of what constitutes data subjects rights;

No appointment of a regulatory body to redress breach (i.e. a Data Protection Commissioner);

No identification of the fact that organisations can also breach data protection rules;

No provision for circumstances where the personal data needs to be utilised without the consent of the data subject;

No provision, definition, or mandatory requirement of technical measures to mitigate data protection breaches.

There is also a lack of security breach requirements.

A critical analysis of the second draft titled “Cybersecurity and Information Protection Agency Bill” 2008 which while much better in its ambit, highlights a number of gaps and identifies the challenges Nigeria faces when it comes to understanding and implementing adequate and sufficient computer crime and privacy legislations.

There are a number of sections within this Bill that will need to be amended, removed or added to, before it can be deemed an appropriate and up to date legislation to deal with computer crime related activity as applies in the 21^st century.

Second Draft Overview

The new Bill is made up of 37 Sections; the following highlights the themes of its sections.

The first 6 sections of the Bill provides for the establishment of a cyber security and information protection agency, along with staffing requirements.

Sections 7-23 see the introduction of new computer related offences and associated punishments on conviction. These include but are not limited to the unlawful access to computers, unauthorised disclosure of passwords, fraudulent email and spamming  computer fraud and data forgery, system interference, misuse of devices, impersonation and fraudulent access

Sections 24 and 25 introduce the critical information infrastructure, audit and offences.

Sections 27 Looks at civil liability

Sections 28-30 identify jurisdiction, powers of court, authorised o

fficer search and arrest.

Sections 31 and 32 make way for electronic evidence and tampering with computer evidence

Sections 33-36 introduces the Agencies powers of prosecution, forfeiture of asset and payment of compensation

Section 37 rounds up with definitions

Sections for Review

There are a number of issues that need to be raised in relation to this Bill; I shall now look at sections for review and amendment along with their impact.

Section 9

Section 9 relates to Unsolicited Commercial e-mail (UCE), Unsolicited Bulk e-mail (UBE) or fraudulent email messages and spamming. Fraudulent email Spamming has for a long time been the scourge of Nigeria’s reputation.

This section is a welcome development in attempting to reverse Nigeria’s somewhat tarnished Internet image. There will need to be collaboration between appropriate authorities to let all countries and bodies know that we have introduced this as a way of combating the issue.

The inclusion of this section will have the impact of showing that we have an understanding of the problem and could go a long way in reversing the tainted image.

Subsection 3 states that persons who do not have commercial or transactional relations with receipts should not send spamming commercial messages.

This subsection may need to be amended to include wording to the effect that spammers should include in their message headings warnings/notices that the message sent is spam. This will be in line with other legislations on the issue.

It should be mentioned here that not all spam messages are illegal. Indeed, while many messages can be deemed to be a waste of people’s time and are basically advance fee fraud, some of them actually provide informational and commercial benefit.

As such what the Bill should provide is wording to the effect that anyone sending spam should let recipients know that the message is spam. This will allow recipients a choice of whether to read or delete it when it arrives in the mailbox.  Users can then configure their emails so that spam messages automatically get sent to their deleted email folders.

The subsection should then state that persons who do not warn that they are sending spam messages will be liable to the penalties for none compliance.

A few words will need to be changed and defined for instance, the word receipts should be recipient and the word “He” should be changed to “They” to include both male and females.

Section 11

Section 11 introduces the system interference offence; this recognises the fact that an authorised person can commit an offence if they exceed their authorised duties.

This has the potential to impact anyone who in their course of work configures information technology or telecommunications systems.

The introduction of this section will have an impact on the way work organisations, staff and third parties develop operational and disciplinary, policies and procedures.

It will indeed lead to organisations defining and developing roles and duties matrices along with putting appropriate change control policies in place.

This will include Human Resources designing induction packs for new starters so that they are aware of their obligations. It will also lead to organisations having to retrain staff on the issues, so that they are aware of the disciplinary aftermath of any unauthorised actions.

It will also impact companies that specialise in conducting security penetration and vulnerability testing, and will call on them to ensure systems they are testing for loopholes and vulnerabilities have a defined scope when conducting their tests, otherwise they could be sued under the provisions of this section in the event that networks and systems outside of the scope are affected by their tests.

The section will undoubtedly lead to organisations including warnings to their staff that they can be prosecuted under this law in the event that they in anyway act maliciously towards them in the operation of their duties.

This is especially necessary given the fact that a majority of system interference cases are caused or initiated by insiders or third parties that have confidential knowledge about an organisations environment.

Section 15

Section 15 (1) relates to data retention. It is to be noted that there are some concerns associated with this subsection that need to be discussed.

Firstly, Nigeria does not have a Data Protection Legislation. It is to be noted that one of the principles of Data Protection is that personal data should not be kept for longer than is necessary.

This then brings to question the absence of Data protection requirements within the draft Bill.

Bearing in mind that the Bill provides for the establishment of an Information Protection Agency, one would have thought that requirements about how personal information is to be handled from a legal perspective are spelt out.

It is therefore recommended that a section should be introduced within the Bill, which makes it a requirement for organisations to adhere to Data Protection principles. This should then be followed with a section within the Bill which introduces Data Protection principles and the penalties for none compliance.

A note on data protection: This is one of the key legislations Nigeria will need to enact, if it really wants to be a player in the extremely lucrative outsourcing space.

A lot has been written and discussed about making Africa an outsourcing outpost, with great debates about technologies and infrastructure required to be in place before that can happen. It has to be mentioned however that without the appropriate legislative framework in place, we will not be able to hit first base. It is the author’s very strong suggestion that we include provisions for data protection in our legislations before discussing the types of technology, data centres and other infrastructure required for us to partake in outsourcing.

As an example, one of the principles of the European Data Protection Directive is that Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Now bearing in mind that processing of personal data constitutes a large segment of outsourcing, it makes a clear cut case for Nigeria to implement the legislation first before trying to identify what technologies are required.

Another point to note is that the Bill does not provide guidelines stipulating how long data various types of data may be retained.

The impact of the data retention section is that in the event that time-frames for keeping data types are not set in stone, ISP’s and other organisations will need to ensure they have adequate backup and data storage facilities including policies and procedures for keeping information. This will without a doubt raise privacy, security and costing issues.

In relation to costs, the key question will bear the burden of these costs, government or the organisations requested to retain the data? ISP’S will therefore need to look at how this piece of legislation will impact their operations from a cost perspective.

An immediate impact of the retention issues will be in relation to the SIM Card registration directive. For example, in the event that a subscriber is no longer a customer of a telecommunications service provider, how long will their data be kept with that ISP?

Under Data Protection Laws, the information should be deleted once the customer notifies them of the fact. Is this something that has been identified for the SIM card personal details retention?

Subsection (4), which states that ISP data retrieved for law enforcement agencies shall not be utilized without consent of the individual to whom the data applies, is quite intriguing.

The wording in this section will definitely need to be rephrased as in its present state it can be interpreted that if a suspect under investigation by law enforcement agencies does not consent to their data being accessed, then that data cannot be used.

Section 18

Section 18 introduces obligations on service providers to assist law enforcement agencies in identifying offenders. It should be noted that due to the fact that many breaches are internal breaches, there should also be an obligation on all organisations to develop, implement and ensure enforcement of industry standard policies, processes and procedures for computer related breaches.

Section 24

One of the most controversial and potentially dangerous sections in this Bill and one which should raise National security concerns is section 24. This section stipulates that information about critical infrastructure will be published in a gazette.

This will definitely need to be reworded. In a time of state sponsored hacking along with terrorism and Cybercrime attacks, the last thing we need to be doing is publishing information about our critical infrastructure in gazettes for public consumption.

From my experience as a government risk assessor accrediting government systems, I can state here that we need to adopt a “need to know” policy in relation to government systems whereby only persons who have been vetted appropriately have access to such information.

Placing critical infrastructure information in a gazette is not a smart idea. Rather it shows a lack of understanding of the risk, threats and vulnerabilities that may accrue to critical systems. If this is the only recommendation that gets reviewed and amended from this Bill then for National Security reasons alone, it is justifiable.

Section 24 (2b) mentions procedural rules and requirements for securing the integrity and authenticity of data or information.  This should be amended to include the confidentiality and availability of information.

Confidentiality, Integrity and Availability are the cornerstone principles for information security and will need to be identified when carrying out impact assessments in relation to what will be affected when classifying systems for criticality.

There also needs to be an obligation placed on organisations that suffer security breach to personal information to be made to declare such breaches. This will allow persons affected to take necessary actions to prevent further loss and negative impact on them.

Development of The Nigerian Cybercrime Framework

Above are a number of points that can be raised in relation to the gaps in the adequacy of the Nigeria’s computer crime Bills.

While a review and amendment may make it more meaningful, I believe we need to take the proverbial bull by the horns and develop a list of legislations that will form our Cybercrime Framework to replace the current Bills.

This may be difficult due to the tedious nature of passing legislation in Nigeria, it is however recommended that the legislative and Senate committees tasked with combating crime take this issue to the forefront of their initiatives with a view to enacting within a twelve month period ensuring that the best brains on the issue not only from a legal and technical point of view but also on experience are actually consulted and involved in the process.

This is necessary so that we generate appropriate sections and wordings as well as anticipate what technologies are on the horizon so that the laws that constitute the framework are not obsolete and ineffective when passed.

This framework should comprise the following:

?       Computer Misuse

?       Data Protection

?       Data Retention

?       Electronic Commerce

?       Information Security

?       Lawful Interception

Impact of the legislation

Nigerian lawyers are undoubtedly losing out on lucrative cases due to the lack of legislation on cybercrime. It should be noted that a number of opportunities to challenge financial institutions for negligence in the implementation of online banking and the roll out of ATM cards which has led to customers losing money have not been taken due to either a lack of understanding of the issues as well as lawyers and judges not being adequately trained in information technology related issues.

With the advent of these legislations will come the need for universities, schools of higher learning and academic institutions to devise specific courses designed to allow the next generation of Judges and Lawyers become skilled in what is a challenging but lucrative area.

It is the authors’ opinion that technology law needs to be on the curriculum of all Nigerian law faculties, as a minimum the following modules need to be mandatory to enable law students grasp the basics of the issues when dealing with the laws relating to technology:

New Technology Law Syllabus:

Computer Misuse

Data Protection

Data Retention

Electronic Commerce

Information Security

Information Technology

Internet

IT Contract Negotiations

Lawful Interception

Telecommunications

Current Judges and Lawyers will also need to become familiar with these issues through cross training, in order to be able get up to speed with the intricacies of computer crime so that they can take on cases and pronounce judgements.

Benefits of implementing this Framework:

The implementation of these laws will also allow us to tackle computer related criminal activity in a more structured manner.

The laws will allow defined guide lines as to what constitutes unacceptable behaviour while using computers with defined penalties for breach.

The implementation of these laws will also allow us to join the European Convention on Cybercrime.

This will give us a major boost from a reputational perspective. Many of us are also aware that Nigerian related IP addresses have been blocked by credit card companies, putting these laws in place can go a long way in showing that we have the base apparatus

for dealing with credit card fraudsters once they are apprehended. This can be used as a tool for negotiations to remove such IP blocks in order for truthful and non fraudulent Nigerians to partake in the billion dollar e-commerce trade from the their homes.

From an economic perspective, one of the aims of the 2020 vision is to see Nigeria become recognised as a growth economy with similar growth patterns to the BRIC countries (Brazil, Russia, India, and China).

A lot of discussion has been made on the impact technology will have in accelerating this aim. It must however be mentioned that the current legal framework will need to be overhauled to meet the changes and challenges that technology will bring, and for that purpose the need for us to revamp our technology related laws for us to meet the 2020 vision aims.

We have seen the impact of telecommunications and the interest it has received from foreign telecommunications companies and investors. The development and implementation of these laws can allow the same response from technology companies and investors.

The offshoot of this is job opportunities for Nigerians and the development of new services and technology related products for the benefit of all.

With the development of these laws, we will be seen as a nation that does not solely   depend on oil, but rather as one that wants to embrace and diversify into the new areas of technology. It will enable us to showcase our move into technology governance from a sound legal base thus providing us a positive image.

Conclusion

It is imperative that we get these legislations right, as there are a host of other African countries that are looking to implement similar legislative frameworks. We need to be leading by example as the self styled Giants of Africa.

Nigeria cannot afford to be in anything but first place as the potential rewards from an outsourcing perspective are there for the taking to the country that is chosen to spearhead the African outsourcing renaissance.

It should be noted that it is the absence of appropriate computer crime and privacy legislation rather than the lack of technology that prevents us partaking in this area.

We should also note that we are not alone in trying to implement these types of laws and are by no means in a unique position in Africa. Indeed many African nations are in the development stages of rolling out their technology laws.

We are in an arms race; it is my forecast that it is the country that develops the most cohesive set of laws in this area that will be spotlighted for outsourcing opportunities. The time has come for us to be accounted for; we urgently need to implement these laws to rejuvenate our economic chances for the future with the possibility to become true powerbrokers in this area.

Nigeria has been in the throes of implementing technology law and computer crime legislation for the best part of half a decade. Within this period, there have been two Bills drafted in an attempt to bring our laws up to date and in line with our counterparts in other parts of the globe.

It is to be noted however that while these attempts are an acknowledgement of the need for such legislation, the reality is that there are a number of gaps in relation to what has been proposed in these Bills and what is required for the laws to be adequate enough to tackle the growing risks, threats and vulnerabilities that can accrue to governments, organizations, and individuals when trying to legislate for computer crime.

This article provides insight into current global computer crime and privacy legislations, a critique of the Draft Nigerian Bills, followed by a recommendation for review based on the implementation of a cybercrime legislation framework for Nigeria.

Global Computer Crime and Privacy Legislation

This section provides an introduction to a number of legislations that have been enacted to cater for computer crime and privacy. The format being to identify global cybercrime

legislation, highlight key sections before rounding up with punishment and examples of breaches that have gone before the relevant authorities.

It is to be noted that most of these legislations have come into being due to the rise of criminal activity over the internet, identity theft and the need to protect personal information. These laws have also been a reaction to such new computer crime trends.

They have also recognised the need for organisations that have been provided personal information in exchange for services to become responsible for the safeguard of such information with resultant penalties for breach.

There has also been the need to react to the changes in technological advancements which have made previous legislations redundant in their capacity to deal with the issues.

Cybercrime Convention (EU 2004)

A good starting point on what makes up good Global Computer Crime legislation is the European Cybercrime Convention.

This is a Treaty entered into force on 1^st July 2004 with an additional Protocol for the criminalization of racist and xenophobic material through computer systems coming into force on 1^st March 2006.  It has been adopted by member states of the European Union along with the United States and South Africa, to address computer related crime by harmonizing national laws.

The Computer Crime Convention defines a number of offences which members can include in their national laws. Examples of such computer related offences include but are not limited to the following:

?       Offences against the confidentiality, integrity and availability of computer data and systems

?       Illegal access

?       Illegal interception

?       Data interference

?       System interference

?       Misuse of devices

?       Computer-related offences

?       Computer-related forgery

?       Computer-related fraud

?       Content-related offences

?       Offences related to child pornography

?       Offences related to infringements of copyright and related rights

?       Offences related to infringements of copyright and related rights

?       Computer-related offences

?       Attempt and aiding or abetting

?       Corporate liability

?       Expedited preservation of stored computer data

?       Expedited preservation and partial disclosure of traffic data

A key feature of the Treaty is identifying that Legal persons can be held liable for a computer crime related criminal offence established in accordance with the convention. Such criminal activity may be committed for their benefit by any natural person, acting either individually or as part of an organ of the legal person.

This takes into account industrial espionage and other corporate illegal activity.

It is to be noted that South Africa is the only African country that has signed up to the Treaty.

Computer Misuse Act (UK 1990)

The UK Computer Misuse Act of 1990 has been enacted to secure computer material against unauthorized access or modification: and for connection purposes. Prior to 1990, there were no laws in the UK relating to Computer Misuse. The Act identifies three main computer misuse offences:

?    Unauthorised access to computer material.

?       Unauthorised access with intent to commit or facilitate commission of further offences.

?       Unauthorised modification of computer material.

Unauthorised access offences are typically punished upon conviction with up to 6 months imprisonment and or a maximum fine of £5000.

The other two offences are taken more seriously with jail terms of up to 5 years and unlimited fines.

Data Protection Directive (EU 1995)

The Data Protection Directive is a European Union directive which regulates the processing of personal data within the European Union. It is an important component of EU privacy and human rights law. The directive was implemented in 1995 by the European Commission.

It requires anyone who handles personal information to comply with a number of important principles. It also gives individuals rights over their personal information.

In the age of the Internet and the abuses that may be derived, Europeans’ guardedness of secret government files has translated into a distrust of corporate databases.

Governments in Europe have taken decisive steps to protect personal information from abuse.

Anyone who processes personal information must comply with the following eight data protection principles:

Personal Information must be processed:

?       Fairly and lawfully

?       Processed for limited purposes

?       Adequate, relevant and not excessive

?       Accurate

?       Not kept- longer than necessary

?       Processed in accordance with the data subject’s rights secure

?       Not transferred to countries without adequate protection.

It is important to note that Data Protection affords redress against breaches to these principles and as such more organisations are taking heed that they could be liable to penalties in the event of such contraventions. Indeed in the UK, the limit of such fines has been raised from £5000 to £500,000.

In the UK, Mobile Phone Company Orange was criticised for not keeping its customers’ personal information secure

It was investigated after the ICO received a complaint about the way Orange processed personal information.

New staff shared user names and passwords when accessing the company IT system, which meant that information, could be accessed by unauthorised members of staff.

Orange was ordered to sign an undertaking to comply with the rules of the Data Protection Act.

Several banks were also criticised for dumping customers’ personal information in bins outside their premises.

The institutions were HBOS, Alliance & Leicester, Royal Bank of Scotland, Scarborough Building Society, Clydesdale Bank, NatWest, United National Bank, Barclays Bank, Co-operative Bank, HFC Bank and Nationwide building society.

The probe followed evidence from the BBC’s Watchdog programme which found information including details of a bank transfer for £500,000 outside a Nottingham branch of the Royal Bank of Scotland.

They promised to comply with the Data Protection Act following the investigation and can be prosecuted if they fail.

Security Breach Legislation (US 2002)

In the United States, security breach notification laws have been enacted in most states since 2002. These laws were enacted in response to the escalating number of breaches to personally identifiable information located in consumer databases.

The first of such laws, the California data security breach notification law, Cal. Civ. Code 1798.82 and 1798.29, was enacted in 2002 and became effective on July 1, 2003.

This law requires state agencies, businesses or people who conduct business in California that own or license computerised data which includes personal information to disclose in specified ways, any breach of the security of such data, to any resident of California whose unencrypted personal information was, or is reasonably believed to have been acquired by an unauthorised person.

It is to be noted that the law permits delayed notification if a law enforcement agency determines that it would impede a criminal investigation. It also requires any entity that licenses such information to notify the owner or licensee of the information of any breach in the security of the data.

In general, most state laws follow the basic principles of California’s original law: Companies must immediately disclose a data breach to customers, usually in writing.  California has since broadened its law to include compromised medical and health insurance information.

It is to be noted that the 2009 Health Information Technology for Economic and Health Act also requires covered entities to notify affected individuals and the Secretary for Health and Human Services following a breach of unsecured protected health information

Europe is in the process of passing security breach notification laws. In Nigeria, it would be wise for us to include the notification requirement in the new cybercrime bill, given that we have already suffered such issues with the recent ATM incidents and will be requiring mobile phone users to provide personal information when registering for SIM cards.

Personal Data Privacy and Security Act US (2005 updated 2009)

This legislation was enacted after security breaches at Choicepoint (See penalty below) and LexisNexis.

The Act provides criminal penalties for identity theft involving electronic personal data by: increasing penalties for computer fraud when such fraud involves personal data. It also adds fraud involving unauthorised access to personal information as a predicate offence. The Act also makes it a crime to intentionally or willfully conceal a security breach involving personal data.

It gives individuals access to, and the opportunity to correct, any personal information held by data brokers; and

?       Requires entities that maintain personal data to establish internal policies that protect such data and vet third-parties they hire to process that data;

?       Requires entities that maintain personal data to give notice to individuals and law enforcement when they experience a breach involving sensitive personal data;

?       Limits the buying, selling or displaying of a social security number without consent from the individual whose number it is, prohibits companies from requiring individuals to use social security numbers as their account numbers and places limits on when companies can force individuals to turn over those numbers in order to obtain goods or services, and bars government agencies from posting public records that contain Social Security numbers on the Internet;

?       Requires the government to establish rules protecting privacy and security when it uses data broker information, to conduct audits of government contracts with data brokers and imposes penalties on government contractors that fail to meet data privacy and security requirements.

Consumer data broker ChoicePoint, Inc., which in 2005 year acknowledged that the personal financial records of more than 163,000 consumers in its database had been compromised, will pay $10 million in civil penalties and $5 million in consumer redress to settle Federal Trade Commission charges that its security and record-handling procedures violated consumers’ privacy rights and federal laws.

The settlement requires ChoicePoint to implement new procedures to ensure that it provides consumer reports only to legitimate businesses for lawful purposes, to establish and maintain a comprehensive information security program, and to obtain audits by an independent third-party security professional every other year until 2026

Identity Theft Act US 1998

Following testimony by the Federal Trade Commission in front of the US Senate, federal officials deemed it necessary to address growing concerns over identity theft scams.

The Identity Theft Act was passed in the United States to offer identity theft protection for individuals and businesses that can or have been victims to identity thieves. Fully entitled The Identity Theft and Assumption Deterrence Act, it was passed by the US Congress and signed into law by President Bill Clinton in 1998. An amendment to the law was enacted in 2003.

The law came into being due to the exponential rate in which consumer’s personal information was being exploited in the United States due to the advent of the Internet and the rise in large consumer databases. It was also fuelled by the increased access to computers which now housed detailed information about individuals and their financial records.

The Identity Theft Act identifies crimes involving loans, mortgages, credit cards and lines of credit that can be prosecuted. It also includes additional crimes to which people can be prosecuted should they be caught. US Code Title 18 was amended to include any fraud committed using identification documents or personal information. It also made it illegal to knowingly transfer this information to other people without authorisation, regardless of intent.

The identity thief needs to have the intention of defrauding a person, business or government agency within the country. Criminals can be charged if they commit identity theft either through the mail, across state lines or internationally.

The Identity Theft Act allows for punishments of 5, 15, 20 or 30 years depending on the crime. It also calls for fines determined by certain factors such as the extent of financial disparity caused.

In extreme cases, there is also a statute that defines certain incidents as “Aggravated Identity Theft” which allows for consecutive sentences to be enforced upon criminals.

A PAPER PRESENTED BY THE PRESIDENT INSTITUTE OF SOFTWARE PRACTIONERS OF NIGERIA(ISPON),CHRIS UWAJE(FNCS) AT THE MAIDEN EDITION OF THE NIGERIA INTERNETWORLD CONFERENCE AND EXIBITION ON THE 20TH OF JULY,2010,HOLDING AT AFE BABALOLA HALL,UNILAG,LAGOS.

INTRODUCTION

There is no meaningful and constructive Business facet that can thrive in an atmosphere of insecurity and absence of TRUST.

H.L Mencken said “it is mutual TRUST, even more than mutual interest that holds human associations together”.

Trust is the soul of any business, thus before any individual, corporate organisation, or nation seeks a business fellowship with another, the trust and confidence implications of the relationship or association is considered critically. It becomes more critical in contemporary times when Globalization, The internet, and the quest to rescue third world and developing nations from the throes of poverty and underdevelopment.

Internet for Business, Internet oriented Governments and Economies are advocated for developing nations as a means of escape from Poverty, Unemployment, Hunger, Poor Health Care, Education etc. It is also being championed as an avenue to enhance Social Stability,Economic Viability and National Consciousness.

In the midst of all these merits of the Internet, the issue of trust also becomes a critical concern owing to the faceless and impersonal nature of business and associations carried over this resource.

No Internet Business will thrive on a compromised and exploiting framework. Strengthening our cyber infrastructure, no doubt increases trust and builds confidence in customers and prospective clients.

Today we consider the Implications of Cyber Crime on the Growth of Internet Business in

Nigeria.

CYBER CRIME AND CYBER SECURITY

What is Cyber crime and Cyber Security?

Broadly speaking, Cyber Crime can be described as THE USE OF COMPUTERS AND OR THE INTERNET TO COMMIT CRIME. Computer-assisted crime includes e-mail scams,hacking, distribution of hostile software (viruses and worms), denial of service attacks, theft of data, extortion, fraud and impersonation. It becomes more peculiar and disturbing because

the Cyber space, through which these crimes are perpetuated is not defined by political or geographical boundries, thus amending laws to curb them becomes a challenge.

We could also define Computer crime broadly as criminal activity involving an information technology infrastructure: including illegal access or unauthorized access; illegal interception that involves technical means of non-public transmissions of computer data to, from or within a computer system; data interference that include unauthorized damaging,deletion,deterioration, alteration or suppression of computer data; systems interference that is interfering with the functioning of a computer system by inputting, transmitting, damaging,deleting, deteriorating, altering or suppressing computer data; misuse of devices, forgery (ID theft), and electronic fraud.

CyberCrimes differ from terrestrial crimes in four ways:

i. They are easy to learn how to commit;

ii. They require few resources relative to the potential damage caused;

iii. Can be committed in a jurisdiction without being physically present in it;

iv. And they are often not clearly illegal.”

CyberSecurity on the other hand entails all measures taken proactively and actively to prevent and ensure safety from cyber attacks.

Cyber attacks vary and evolve daily with advances in technology. Amongst the common cyber threats includes but is not limited to the following;

i. Cyber theft

ii. Cyber terrorism

iii. Cyber stalking

iv. E-mail Forgery /Spoofing

v. Online Auction fraud/Online fraud

vi. Phishing

vii. Online Child Pornography

viii. Malicious Codes-Viruses/Worms/Trojans

ix. Hacking/Computer Intrusions

x. Identity Theft etc.

xi. Intellectual Property Rights(IPR) matters

xii. Economic Espionage (theft of Trade Secrets)

xiii. Cyber laundering/Cyber Contraband

Statistics (World, Nigeria)

The Symantec Internet Threat First Quarter Report of 2010 ranks Nigeria as 70th on the Global Internet crime watch and 43rd in the EMEA (Europe, Middle East and Africa)Countries. Nigeria is first in Africa, followed by Ghana and South Africa.The United States of American ranks first according to IC3 2009 reports, with the UnitedKingdom coming in second. Shockingly, Nigeria is ranked third after the U.K.

Laws/policies against Cyber Crime

The success and proliferation of cyber crimes has overtime been traced to the absence or limited scope of anti cybercrime laws, both locally and internationally. To this end, most nations are taking time to shore up legislations to strengthen national cyber laws and also seek for a harmonised international law against cybercrime owing to the absence of geographically defined boundaries in cyber space.

Evidence of such limiting nature of international legislation can be seen in the case of the LOVE BUG virus in May 2000 which was reported to have cost a loss of $10billion globally and infected no less than 45 million computers. The FBI could not proceed with a search warrant on tracing the source to thePhilippines due to the absence of adequate legislation against cyber crime in the Philippines as at the time. Nations with cyber related laws include the Turkey (recently became a party to the Council of Europe treaty on cybercrimes), Australia, Belgium, Canada, Chile, Ireland,

India, Japan, Spain, UAE, USA etc

Cyber crime/Security- The Nigerian Situation

The capture of Al Qaeda’s operative, Muhammad Naeem Noor Khan in July 2004, provided the Pakistani and American Intelligence Authority with some of Al Qaeda’s Internet Communication Strategy. It also identified that Nigerian Websites and Email System were used by Al Qaeda to disseminate internet information. This has once again brought up the pertinent questions of the safety and security of Nigeria’s national cyberspace. Cybercrime in

Nigeria is difficult to prove as it lacks the traditional paper audit trail, which requires the knowledge of specialists in computer technology and internet protocols. Nigeria is rated third by the IC3 2009 report of Internet crime prevalence, and 70th by the Symantec Q1 2010

internet security report.

Internet Business & cyber vulnerability Implications

The Internet Business and E-commerce of all sorts depend on the credibility of the individual or institution to operate owing to the fact that the internet avenue often abrogates the need for physical one-to-one meeting. A facility that has a high probability of compromise or little or no assurance of security (financial returns, or legislative) will certainly not attract investors or

patronage owing to the high risk of the venture.

If the Nigerian e-commerce terrain lacks the necessary structure to guarantee security of investment as well adequate return on investment, then it leaves much to be desired.We are already enmeshed in the information/knowledge age and it’s only a matter of time

before all human activities will be modulated by ICT. The implications are rife, not only for our businesses but also for our Economy and Government as these are really threatened in the event that adequate CyberSecurity measures by way of Cyber crime laws, Training/equipping

of Personnel to handle cyber crime prevention, monitoring,detection,and prosecution etc arenot provided.

The implications of unbridled cybercrime in the Nigerian terrain include but not limited to the

following:

- A failed state, anarchy, haven for criminals, terrorist, (the Somali experience)

- e-commerce not reaching its full potential,

- loss of money

- Online robbery of Banks

- Loss of customers,

- Brand name damage

- Potential lawsuits

- Illicit access to intellectual property.

- Hijacking of the arm of Government,

- Communications and data privacy violations and intrusions,

- etc

Recommendations

- The Government should live up to expectations: Most of the crimes committed result from a poor economy, high unemployment rate, lack of social welfare measures and collapse of public utilities. Few Nigerians, if at all, engage in cybercrimes for psychological kicks/ecstasy or recreational purposes, thus adequate measures should be put in place to meet the basic needs of the populace. Also, Government should proactively work with the ICT community, Law community, Interest groups etc in enacting appropriate cybercrime laws and cybersecurity measures to checkmate these

issues, else with time, the Government will be eroded when E-governance takes full stage.

- Businesses should Recognize the real problem is crime, not hacking: cyber-crime is becoming an increasingly salient component of the business environment.Disruption, denial of service, and web site defacements will continue to be problems,but exploitation of access to information systems for profit is likely to become more pervasive. The trend towards accessing business systems, highlighting security holes,and offering one’s services for a significant fee, for example, is a thinly veiled form of

extortion. As such, it is very different from traditional hacking that is designed to highlight security problems and ways of dealing with them as simply a demonstrationof expertise.

- Business intelligence needs to include criminal intelligence analysis:

Criminal intelligence analysis needs to be integrated fully into business intelligence; risk assessment needs to incorporate criminal threats; and cybersecurity needs to be conceptualized as part of a broader security problem that cannot be understood or dealt with in strictly technical terms. Defending against such contingencies requires that businesses develop broad security programs that incorporate cyber-security into a

much broader program. Cyber-security needs to be one component of a broader security program that includes personnel, physical assets, the provision of services,and financial assets.

- Beware of infiltration: this comes often by way of partnerships with foreign business organisations. Organisations should ensure a thorough background check of companies (their employees and consultants etc) seeking to partner with them before allowing for mutual sharing of data and communication assets.

- Develop partnerships and information-sharing arrangements: this comes in the form of sharing information with sister companies or firms in the same line of business and also with the law enforcement officials. Reason being that, often, theapproach used on a particular business is replicated to others in the same sector. Also,it helps in monitoring trends and following up on leads by the law enforcers.

- Be sensitive to money laundering opportunities: Companies offering financial services on the Internet – and particularly those offering mechanisms to facilitate financial transactions – need to take steps to identify opportunities for money laundering. Once this is done, they need to introduce safeguards to close loopholes

and prevent money laundering.

- Businesses should ensure an updated Security Policy:

Owing to the nature of businesses today, the computer, networks and the internet cannot be ruled out; hence businesses should regularly update their security policies keeping tabs on current procedures.

Schemes such as Real-time Content Inspection of incoming and outgoing

web traffic should be encouraged while still maintaining the regular security

procedures like Firewalls, Spam filters, Anti-Viruses etc.

We as a nation should begin to imbibe the national consciousness disposition andunderstand that any threat that is channelled towards the nation will ultimately affect us,thus all hands should be on deck to ensure that this monster of cyber crime does not find a conducive abode in Nigeria.

Thank You and GOD BLESS NIGERIA.

Uwaje Chris (FNCS)

President (ISPON)

The event which is slated to hold on September 23 and 24, 2010 will feature a lecture series and the unveiling of a documentary on 50 years of ICT sector in Nigeria.

Briefing media executives recently, Chief Executive Officer, Technology Africa, Don Pedro Aganbi, said that the documentary, which is the first of its kind will bring together will focus on how the telecom, software and hardware industries

According to him, the Nigerian ICT industry has evolved from a very humble beginning at independence and has grown to a point where it has given Nigeria a pride of place among the comity of nations. “It is in this regard that we think the activities of the drivers of the sector be documented and broadcasted to the whole world,” Aganbi said.

The documentary, which will also be in print in the October edition of e-Business Life Magazine, will be a reference point for those who will want to know the true story of pioneers and revolutionaries in the hardware, software and telecom industry

Aganbi also said that the event a lecture on the ICT industry since independence and a dinner with top 50 ICT brands. Tagged “Nigeria’s Top 50 Brands @50, in collaboration with the federal ministry of information and communications, he added.

Also speaking Publisher, e-Business Life, Mrs. Ufuoma Emuophedaro noted that the ICT sector has been a major ace in the development of the Nigerian economy therefore making it very important that the drivers of the sector be celebrated.

She further noted that the pace of transformation in the industry coupled with the significance of a golden jubilee makes this an appropriate time to document the unique happenings and those who propelled the industry since independence. “We need to celebrate our own and project a positive image of the Nigerian ICT sector to the rest of the world in order to sustain the growth beyond 2010,” she said.

In addition, Mr. Kenneth Omeruo,Founder www.techTrendsng.com supports the initiative and that it will be a material for reference and for global consumption and that the documentary will be made available on the social media and the internet.

In view of that, relevant contribution of key players, Sponsorship, advert placement and general enquiries can be directed to any of these numbers: 08023135915, 08033270372, and 08052207809.

AN ADDRESS PRESENTED BY MR KENNETH OMERUO,THE CO-ORDINATOR OF NIGERIA INTERNETWORLD CONFERENCE AND EXHIBITION(NICE) AT THE MAIDEN EDITION TAGGED NICE2010 ON 20TH JULY,2010 AT AFE BABALOLA HALL,UNILAG,LAGOS,NIGERIA

On behalf of the organizers of this event; TechTrendsng.com, Embolden limited and all other participating firms, I welcome you to the maiden edition of Nigeria Internetworld Conference and Exhibition (NICE).

First let me introduce our platform,TechTrendsng.com is an ICT based e-publishing platform that has been in the fore- front of empowering Nigerians and has become the leading ICT blog in Nigeria(By Google ranking) within one year of its existence while Embolden Limited is a Youth development and empowerment company.

Nigeria Internetworld Conference and Exhibition (NICE) is a one day annual event which provides education, empowerment, networking, business opportunities for Nigerians. It is a gathering of Internet based businesses, service providers, e-Commerce providers and experts that are involved in online marketing, e-commerce technology, web technology, content development and management and also users of the Internet and its technology.

NICE is a platform where Nigerians will be educated and empowered with the latest development in the world of Internet. This event will no doubt spark up the Internet for Business (I4B) revolution in Nigeria and encourage entrepreneurship thereby reducing Cyber Crime. It is also a major vehicle in effective rebranding our Nigeria because the world has a negative opinion about Nigeria and Internet, NICE is set to change their opinion about us. NICE will also encourage the development of local internet content and applications for Nigeria cyberspace.

The mode of achievement of the main essence of the conference is through seminars, exhibitions and networking.

The seminar will involve speakers who are experts in relevant Internet related fields and stakeholders in ICT industry in Nigeria. Topics will be drawn from the focus and theme of the event.

The theme of this year’s event is:

INTERNET FOR BUSINESS (I4B): EMPOWERING NIGERIANS THROUGH THE INTERNET.

NICE2010 has been proudly endorsed by Nigeria Internet Group (NIG), Association of Telecommunications Companies of Nigeria (ATCON), Information Technology Association of Nigeria (ITAN), Institute of Software Practitioners of Nigeria (ISPON) and Center for Information Technology and Systems (CITS) UNILAG.

Our focus this year is on the following:-Internet access and Connectivity, e-commerce, Digital marketing, Internet security, Social media and their application, Content development, Internet and its application in different fields like media, Internet trends and Business opportunities.

Having said that, I want to personally appreciate all the associations and organizations that supported us, Mr Chris. Uwaje, Dr Emmanuel Ekuwem,Engr.Titi Omo-Ettu,Engr.Lanre Ajayi,Prof.Uwadia,Dr.Jimson Olufuye,Don Pedro Aganbi, for their support, Muhammed Rudman for believing in this initiative and his support. My friends in the media, BleuOrange media, TA-strategies, Wildfusion, Futuresoft Resources, and to you here present who has supported this event in one way or the other, I say welcome! We are on the part of History!!

 You may be forgiven if you thought, from the name Bharti Airtel that we are referring to an airline rather than a telecommunications company. If its meteoric rise among world-class mobile telecom service providers has been overlooked in the past, its acquisition of Zain’s African assets for a staggering $10.7 billion, sure made us take notice. Bharti is now the world’s fifth largest mobile phone company by subscribers base.

It is not new story but the newsy aspect is that the CEO of Bharti was in Nigeria the other day to announce that his company would inject $600million into the business formerly known as Zain Nigeria with a promise to reach all Nigerians with cheap phones. Its capability is neither in doubt nor is it the issue here either but rather that this potential intervention allows the  Nigerian Government defer its responsibility to Bharti playing  the role which is rightly its (i.e. the government’s) to play.

What happens to those who defer their responsibility to another?

What makes Bharti tick is the storyline that it is a master explorer of IP technology in managing business. The trump card Bharti may wish to tout is its outsourcing model of managing business. The core truth lies in the several other things that we do not set out to discuss.

To start with, once a company is able to cultivate IP, it is running on the success lane. All other things will become mere additions. It is what will eventually separate the men from the boys in world economics and in  the craft of using technology to manage business.

Using IP, outsourcing, deep wallets and an excellent PR/media machine that has the world’s ears tuned to its aggressive march into emerging markets, Bharti may just have struck gold and of course we know telecommunications is one intoxicating phenomenon.

By the way, and in parenthesis, our subject is not the kind of telecom firm whose name counted a few years ago. It is a trade vehicle in the manner of emerging businesses where you buy and sell at a profit. The interesting thing is that the Nigerian firm called Zain (formerly many names, almost 5, starting from Econet Wireless) is the one that buyers have always used as bait in Nigeria.

When such companies infiltrate emerging markets, usually via corrupt polities, their take over is total. That is quite understandable isn’t it? Such forays are characteristically into structurally defective markets that are customarily low on morality and ethics and high on corruption. Even when these polities stumble on good decisions, because they are often by default rather than design and lack conviction or principle, their good initiatives tend to somehow self destruct.

Take Nigeria for example. After several years of prevarication and outright refusal by its rulers to embrace liberalization, it eventually did in 1993 but in just one year after it made that decision, it thought the better of it and the initiative was promptly reversed by disbanding the NCC board while simultaneously putting an unbeliever in the liberalization agenda in charge of NITEL to complete the hatchet work. Nigerians, who by then had become almost immune to such crass decision making from it rulers, had to wait another five years till 1999 to make a new beginning. One can attribute a lot of problems that persist today to such those days of poor decision making.

With IP, the need for human intervention in running networks across the world becomes minimized, thus translating to cheaper costs and good margins. And if the gains are truly passed on to the consumers, it makes phone reach the poor and the rural persons cheaper. At least in theory but also demonstrated as real in other climes.

The cost the market pays is that its own technical work force will not partake in the production line. The question is, where does Nigeria stand in all of that? Nigeria is turning out university graduates without preparing them for immediate use of the market. Not even for long term use except that the users will sort that out eventually. Graduate unemployment poses a colossal danger to society. I understand, unpleasantly though, that some of the militants in the creeks are graduates. Well that is just the tip of the iceberg.

Is there a way out?

 Of course, there always is. Can Nigeria keep its people talking without keeping them working? The answer lies in our bargaining for every carrot that comes to the table.  

That is the challenge of Bharti and a subject for another day.

 We may not know the other 3 gentlemen very well but Dr. Eugene Juwah, the new Executive Vice-Chairman, is a well known player in our industry and one whose pedigree we have reason to endorse and we therefore congratulate and welcome them. A particular circumstance of their screening – the embarrassing dilly-dallying of the Senate Committee that was supposed to screen them until the situation was rescued by a change in screening process – is a good take-off lesson for them. It shows the amount of work that remains to do within the polity for us to have a good system.

We pledge to work with them by proactively offering advice, communicating very openly and being their window as they take our industry through the very challenging days ahead. We wish them good luck and the required wisdom to take the industry to the next level using the opportunity that fate has placed at their disposal.

 We advise all players of our industry, indeed all members of our Association to regard the just ended uneasy vacuum as a closed chapter as we pull resources together to forge forth. Discount corruption and poor electricity, there is still so much of problems with our systems that we are even at this period already playing in injury time to get close to destination and we should work as such. Dearth of skills, managerial and technical, access to funding etc. had tormented our businesses to no end and we advise that all join forces with our Association’s plans to engage them headon.

 We expect all those whose firms are registered as telecommunications companies to come up freely of their own to sign up the umbilical cord with our Association’s strategic plans as we shall engage tact and technology to confront these problems one after the other. Or where they do not want to come up and chose to remain umpires, they please do not work to pull the house down.

 We advise consumer advocacy groups which, by the way, we expect to even mushroom more in the coming dispensation to focus on the problems of consumers genuinely and sincerely from position of knowledge and careful study rather than employing arm muscling of irrelevant invitation to and calls of reduced selling cost without, for once, thinking about a managed reduction in production costs. Those who run telecommunication firms are not necessarily patriots but driven by the profit motive and consumer advocates are better admonished to avoid presenting our market as one where only failed companies are the desires of the consumers.

 We advise the media to renew itself to the good work of a watchdog it has always played and to work more on helping the industry to grow.

 We are consoled by the fact that from each of all the above groups have emerged several players who have been models for all human assemblies anywhere in the world.

 We welcome Messsers Peter Igho, Eugene Juwah, Okey Itanyi and Mohammed Bintube into their present station.

 In developing countries, information poverty rapidly becomes actual povertyreduction is the first, and arguably, most urgent, Millennium Development Goal of the United Nations. An MDG snapshot reveals why: as late as 2005, some 1.4 billion people still lived on USD 1.25 or less per day.

Figures fluctuate but around 10 million people still die annually of hunger, and present trends in rising food prices and the global economic crisis may have pushed at least 90 million more back into poverty, according to the latest UN commentaries on progress for MDG-1. Global crisis aside, the trend has been an improving one over the past decade. But for many, better information access may make a substantial and life-changing difference.

 This could be true especially for those outside formal or salaried employment structures – perhaps as many as 1.6 billion people in 2009 on current International Labour Organization estimates.

Making it happen using broadband is one area that the UN Broadband Commission for Digital Development was set up to address. “In Bangladesh, access to information is the core component of any solution you are going to talk about, as opposed to merely a lack of food,” says Kazi Islam, CEO of Grameenphone IT and a Broadband Commission Focal Point. The message is clear: advanced connectivity will deliver major economic benefits everywhere. “Broadband is no longer a luxury…it is a core infrastructure of the modern economy. Those who have it will prosper, those who don’t will fall further behind,“ predicts ITU Secretary-General Dr Hamadoun Touré unequivocally. It is not just emerging economies that have a digital divide.

A 2010 study for the FCC in the United States by the Social Science Research Council found that “low income communities are marginalized without access to broadband – and they know it”. Economic economies Available data suggests strong and positive correlation between communications and development.

On the micro level, studies from Africa and India consistently show that, even for very small farming and fishing businesses, market-matching efficiencies will apply when there are good communications links. This means higher profits for producers and lower prices for consumers when price information is shared on demand via mobile phones and text messaging.

Grameen in Bangladesh has shown that technology and, especially telecom, companies directly and indirectly help a vast network of individuals out of poverty. On the macro-level, recent analysis by OECD suggests that a national FTTH broadband investment in many countries could be paid back over a decade by the reduced costs and increased efficiencies it would deliver in electricity, transportation, health and education provision. The Broadband Commission will investigate so-called trans-sectoral approaches in broadband policy formulation further, say experts.

ITU emphasizes that broadband connectivity costs and policies will be key to effective economic stimulation: the ITU ICT Development Index list entry-level broadband costs on average at 167% of Gross National Income (GNI) per capita in developing countries, but only 2% in developed countries – a formidable gap. The good news however, says ITU, is that prices are now falling significantly.

 

 With the introduction of online services, financial institutions have made it more convenient for customers to access their accounts. It is to be noted however that prior to online accounts being created, customers need to provide these institutions with their personal information such that they can process, transmit and store such information in the order to utilise the information to uniquely identify the customer.

It has been well documented however that many financial institutions have had systems containing customer personal information breached form both internal; and external sources as illustrated above.

Data Protection and Telecommunications:

The telecommunications industry has seen a large uptake in subscription to the services that are being offered. Indeed this can be seen with the radical changes from the previously limited fixed line services in the earlier years to the introduction of the mobile telephone. The advent of the Internet along with the integration of voice, video, data and communications via a single stream  has led to cheaper and faster ways of communicating. New services rendered by mobile phone companies have indeed led to the introduction of 3rd generation mobile phone networks, making it possible for subscribers to send pictures and video clips to each other using these services.

It is to be noted that while the technology is changing, attitudes and an understanding that personal data needs to be kept secure and confidential have not.

Technology makes it much easier to infringe on the rights of individuals especially when it comes to their personal data. Numerous organisations  have identified this situation and have for years been championing the call for greater awareness to make sure that the individual’s fundamental human rights are not infringed.

It is a well-known fact that convergence of these technologies makes it easier for marketing companies to process data to profile people. Like wise it is also possible for criminals to easily gather information about others in their quest to forge identities  in their pursuit to commit crimes.

In recognition of the risks that can accrue to an individual, privacy laws have been enacted to act as a cushion to define what constitutes legal and illegal activity when it comes to the protection of an individual’s data when it is being transmitted over telecommunication streams.

The EU Directive on Privacy and Electronic Communications provides that communication service providers should adopt adequate security measures both from a technical and organisational point of view that are commensurate with the risks that can accrue. With the spate of recent high profile security breaches that have occurred it is paramount that telecommunications providers implement adequate logical and physical security measures to ensure data under their control is safe from unauthorised access, which may lead to loss of privacy. It goes further to provides that users should be made aware of risks that are beyond the control of the service provider .

Data Protection Laws

National data protection laws have developed as electronic commerce has boomed. Indeed, with more coverage being given in the media relating to infringement of privacy, it is no wonder that countries have been more active in ensuring people know what their rights are in relation to these issues and also that data controllers ensure data under their custody is processed in line with data protection legislations.

The European Union has developed a Framework for Data protection; this can be seen in the Data Protection Directive and the Directive on Privacy and Electronic Communications (2002/58/EC), which replaces the Telecommunications Data Protection Directive.

Data protection principles

Data protection laws provide protection of the individual with regards to their personal data, however the question is how does one ensure from the onset that personal data is collected, processed, transmitted and transferred legitimately?

Data protection laws have basic principals that need to be adhered to. Indeed if one analyses for example the European Union Data Protection Directive one will notice that there are a number of principles that form the body of data protection laws worldwide.

These principals can be summarised as follows:

•       Personal data shall be processed fairly and lawfully

•       Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

•       Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

•       Personal data shall be accurate and, where necessary, kept up to date.

•       Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes •     Personal data shall be processed in accordance with the rights of data subjects under this Act.

•       Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Alongside these worldwide principles, the European Union in an attempt to protect personal data processed within its environs has an additional principle relating to transfer of data to third party countries, which covers countries outside the European member states. This provision states that the transfer of data should not be carried out to such countries if they do not have similar data protection laws and measures such as the European Union.

As has been mentioned, The European Union has also adopted a new Directive on the processing of personal data in the electronic communications sector this Directive repeals and replaces the Telecoms Data Protection Directive. It also addresses various issues in relation to the services of electronic communication service providers and their retention of user data.

Data Protection in Europe

The European Directive also has significant implications for those that have made a business out of the sending of direct marketing e-mails where it states that they may only be sent where the subscriber has given their consent . The main aim of this Directive is to harmonise the provisions of Member States laws in relation to electronic communications to ensure an equivalent level of protection of fundamental rights and freedoms, particularly the right to privacy, processing of personal data in the electronic communication sector and to ensure the free movement of such data and of electronic communication equipment and services in the community.

It is to be noted that the Directive applies to the processing of personal data in connection with the provision of publicly available electronic communications services in public communications networks in the community.

The Directive in providing for subscriber protection has laid out a number of articles to which public communication service providers must adhere: An analysis of the salient points reveal the following in the Directives aims in ensuring the fundamental human rights and freedoms particularly the right to privacy for subscribers of electronic communications:

In its attempt to maintain privacy of personal information, the Directive requires service providers ensure confidentiality of communications. This the Directive states can be attained by making sure that communication over public telecommunications lines are free from interception and tapping save on the instance of lawful interception . The article also provides that where communication networks are used in the processing of data, the data subject shall be informed why this is being carried out. The data subject has a right to refuse such processing.

Further privacy rules can be seen in relation to caller and connected line identification. Here the directive states that subscribers must be issued with the possibility of withholding the identification of their telephone numbers when making a call along with being able to reject incoming calls where the incoming caller has refused showing their number.

Location data is a valuable tool that can be used to identify especially in the mobile phone sector where an individual is located  its use can be illustrated where recently in the UK a case involving the hunt for a missing child in the UK  identified that calls purportedly form the girls phone to her uncle (later convicted for her murder) were in fact being made by her uncle from one location .

The Directive in recognising the importance of location data provides that location data can be processed only if it is made anonymous or with the consent of the subscriber for a value added service but only for the duration that is necessary for the processing . The subscriber must also be given the possibility to temporarily refuse such processing of location data information .

An exception to the privacy of caller line and location data is provided for in article 10 where the elimination of calling line identification and location data is sanctioned to trace nuisance calls and in relation to location data for it to be revealed on a temporary basis only to emergency services.

In order to protect user data and information provided in directories, the directive instructs that where directory services are provided in printed or electronic form subscribers must be informed free of charge of the directories purpose ,it further states that subscribers must be given the opportunity to ascertain the possibilities of use of further use of search functions based on the data about them in that directory.

 The Directive in recognising the harmful effects of Spam this provides that there shall be no automated communication using electronic mail or faxes for the purpose of direct marketing without the consent of the data owner .The Directive also enables for legislative restrictions of rights and obligations in relation to certain articles  where national security is at risk and where criminal investigations are being carried out. This legislation also allows for data to be retained for limited periods of time during the investigation of such situations .

Data Protection in the United States

In the United States Data Protection legislation does not stem from a central law as do the Data Protection Directives in Europe, rather one finds sectoral laws, which affect certain sectors and industries. As such due to this state of affairs it is to be noted that as advanced as the United States is on data protection issues, the European Union still regards its data protection regime as one that requires special provisions such as the Safe harbour rule when it comes to the transfer of data from EU member states to the United States.

Even though there is no general law on data protection the Supreme Court case of Whelan v Roe  illustrated the recognition of the right to privacy of information.

It is to be stated at this point however that while it may seem that due to the sectoral nature of data protection legislation there does not appear to be a coherent data protection framework in the United States, this could not be further from the truth.

Indeed what we find is a situation where the proliferation of privacy laws for various sectors leads to heavier regulation and tighter controls as is evidenced from the number of cases that have been bought to trial.

An example of such laws is seen with the following federal legislations which all have an element of data protection featured in them:

Children’s Online Privacy Protection Act (COPPA) – 15 U.S. Code 6501 et seq.

The aim of this Act is to place parents in control over what information is collected from their children online. With limited exceptions, the related FTC Rule requires operators of commercial websites and online services to provide notice and get parent’s consent before collecting personal information from children under 13.

Fair Credit Reporting Act (FCRA) – 15 USC 1681-1681u

This federal law is designed to promote accuracy, fairness, and privacy of information in the files of every consumer reporting agency, the credit bureaus that gather and sell information about consumers to creditors, employers, landlords and other businesses.

Federal Identity Theft Assumption and Deterrence Act of 1998 – 18 USC 1028

 The Act makes it a federal crime to use another’s identity to commit an activity that violates Federal law or that is a felony under State or local law. Violations are investigated by federal agencies including the Secret Service, the FBI and the Postal Inspection Service and prosecuted by the U.S. Department of Justice.

Federal Privacy Act of 1974 – 5 U.S. Code 552a

This law applies to the records of federal government executive and regulatory agencies. It requires such agencies to apply basic fair information practices to records containing the personal information of most individuals.

Financial Services Modernization Act, Gramm-Leach-Bliley (GLB), Privacy Rule – 15 USC 6801-6827

The 1999 federal law permits the consolidation of financial services companies and requires financial institutions to issue privacy notices to their customers, giving them the opportunity to opt-out of some sharing of personally identifiable financial information with outside companies.

Health Information Portability and Accountability Act of 1996 (HIPAA)

This Act includes provisions designed to save money for health care businesses by encouraging electronic transactions and also regulations to protect the security and confidentiality of patient information.

Video Privacy Protection Act of 1998 – 18 U.S.C. 2710

The Act strictly limits the conditions under which a video rental or sales outlet can disclose information about its clients. The Act also requires such an outlet to give its clients the opportunity to opt out of any sale of mailing lists, it also allows consumers to sue for money damages and attorney fees if they are harmed by a violation of the Act.

Personal Data Privacy and Security Act 2005

The aim of this Act is to prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.

In relation to data protection and telecommunication laws in the United States one can look to the Electronic Communication Privacy Act.

Data Protection in Nigeria

In Nigeria, Part 10 of the draft Computer Security and Critical Information Infrastructure Protection Bill 2005 deals with identity theft while Part 11 deals with records retention and data protection.

Section 4 provides amongst other things that “Any data retained, processed or retrieved by the service provider at the request of any law enforcement agency under this Act or pursuant to any regulation under this section, shall not be utilized except for legitimate purposes. Under this Act, utilization of the data retained, processed or retrieved shall constitute legitimate purpose only with the consent of individuals to whom the data applies or if authorized by a court of competent jurisdiction or other lawful authority.”

This section raises a number of issues.

•       The first being that part 11 is limited to personal data obtained from service providers only, as such it is restricted to communications service providers and not financial institutions or other industries

•       Secondly, it is implying that in the event that an offence has been committed and needs to be investigated, the data subject will be required to give consent before it can be used, this amounts to saying that a suspect must give consent to data being used against him/her!

•       Another lawful authority is too wide a scope and should be restricted otherwise it leads to room for abuse.

A brief comparison between Nigerian, European and US data protection legislations identifies a number of gaps in the Nigerian Bill. Notable of which are the following;

•       No definition of what constitutes personal data;

•       No identification of the right to privacy;

•       No definition of what constitutes data subjects rights;

•       No appointment of a regulatory body to redress breach (i.e. a Data Protection Commissioner);

•       No identification of the fact that organisations can also breach data protection rules;

•       No provision for circumstances where the personal data needs to be utilised without the consent of the data subject;

•       No provision, definition, or mandatory requirement of technical measures to mitigate data protection breaches.

It is to be stated that in its current form the Bill does not adequately address Data Protection issues. For instance as we have seen in the United States and Europe, the legislations define what constitutes personal data, along with stating what the principles of data protection are. They also provide for adequate redress to persons that have had these principles breached. This is done through regulatory bodies that have appropriate power and are not afraid to use it.

In the United Kingdom, the Data Protection Commissioner has the right to fine and also stop organisations from processing personal information where they do not comply with the provisions of the data protection Act. In the United States the regulatory bodies also have the power to fine organisations that breach data protection legislation.

With these findings in mind, it is my recommendation that a stand-alone Data Protection legislation, which identifies the responsibilities of organisations, individuals and government in relation to obligations towards data protection, be written.

To Conclude,

With the consolidation of the Nigerian banking sector, it is necessary that customers personal data is kept confidential and private, the growing subscription of customers to online services offered both by the financial and telecommunications companies in Nigeria is all the more reason why now is as good a time as any for data protection legislation to be revisited and rewritten to international standards

In today’s global economy more countries are waking up to the effects of identity theft and the need for organizations to protect customers personal information and as such are enacting effective legislation to deal with identity theft and the safeguarding of personal information.

We have seen the rise in outsourcing functions to Asian countries, which have recently enacted data protection legislation.

Not enacting appropriate legislation to cater for data protection and identity theft will not allow us to be in a position to partake in lucrative outsourcing deals which not only brings job opportunities but also the kudos that our legislative and technical services are up to scratch with the rest of the world.  As long as Nigeria does not have adequate data protection legislation, it will be looked upon as country that does not take identity theft or Data Protection seriously and as such be excluded from these lucrative outsourcing opportunities

It is to be noted that the Eighth Data Protection principle provides that personal data shall not be transferred to a country outside of the European Economic Area if that country does not have adequate levels of protection of the rights and freedoms of data subjects in relation to the processing of personal data.

To buttress the point further, in a recent article published in the Independent, three African countries have been identified for outsourcing, these being Egypt, South Africa and Ghana. (Nigeria is notably missing)

Going forward, in order to appear on the radar as a country that understands the need for data protection, data protection awareness programs which highlight the importance and value of personal information must be devised, implemented and made available to Nigerian citizens.

A major disadvantage of not implementing the legislation is the fact that many Nigerians who legitimately wish to purchase goods online are barred from doing so due to credit card companies blacklisting Nigerian IP addresses.

This can be attributed to a lack of evidence that appropriate technical and legislative measures are available to protect personal data.

It is also advisable that the current Computer Security and Critical Information Infrastructure Protection Bill is totally reworked to consist of separate legislations comprising of the following:

•       Data Protection Legislation

•       Computer Misuse Legislation

•       Information Security Legislation

•       Lawful Interception

These will then form the Nigerian Cyber Crime Legislative Framework to which we can be recognized as having appropriate legislature to combat computer related crime and Identity theft.

As a final note, when such legislation is being drafted, it is imperative that appropriately qualified individuals who have experience in this area are called upon to give their input.

This can be attributed to a number of reasons:

•       Huge margins for little effort and risk on the part of criminals

•       Inadequate legislation or punishment to deter identity thieves

•       Organisations not deploying appropriate security measures

•       People not being aware of the value of their personal information

It had for a while been thought that the only victims of identity theft were individuals whose personal information has been obtained illegally. Evidence has however shown that organisations, which obtain and sell personal information, have fallen prey to sophisticated criminals.

For example:

•       Customers of financial institutions have been tricked into handing their personal data through phishing scams,

•       Personal information brokers have had their systems breached by identity theft criminals. This can be illustrated with Choicepoint and Lexisnexis, both of which have been hit by large scale identity theft of personal information stored on their databases

•       Internal staff have colluded with criminals to illegally sell personal information, which is then used to purchase goods without the knowledge of the individual.

•       The U.S. Attorney’s Office has prosecuted approximately ten individuals for being involved in the use of financial institution computers to obtain customer information, and using that information to commit fraud. The prosecutions have included financial institution employees, and impostors who assumed the identity of account holders to commit bank fraud and fraud on the Internet. As part of each plea agreement, the financial institution employees agreed to be statutorily barred from employment at any federally insured financial institution for ten years following the date of conviction, pursuant to 12 U.S.C. § 1829(a). According to court documents, some convictions have included:

o      Kimberley Molette Smart, 27, of Sacramento, was sentenced on December 5, 2002, to serve one year and one day in prison, and given a three-year term of supervised release, in connection with using her financial institution position to obtain customer account information from the financial institution computer, and provide it to others who caused an intended loss of approximately $121,146.63.

o      Lynn Booker, 34, of Sacramento, a former credit union employee, pled guilty to committing a check “kite” through unauthorised computer access to customer account information from a financial institution. On January 21, 2003, Booker was sentenced to a five-year term of probation and ordered to pay restitution in the amount of $25,510.97.

In realising that personal information has value and that it can be used to obtain false documents which in turn can be used to commit criminal activity, data protection legislation has been enacted to identify the responsibilities of organisations that collect, transmit, store and process personal information. These legislations also have provisions, which provide for redress in the event that the organisation breaches data protection provisions in the handling of personal information.

What is Personal Data?

A good definition can be derived from the UK Data Protection Act  which defines personal data as follows, “Data that relates to a living individual who can be identified from such data, or and other information which is in the possession of, or is likely to come into the possession of, the data controller  and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual .”

What is data protection?

Data protection involves the implementation of administrative, technical or physical measures to guard against unauthorised access to such data.

It stems from legislative requirements such as the European Convention of Human Rights, and has with the advancement in automated processing of data been influenced by new legislations such as the European Data Protection Directive  and the Directive on Privacy and Electronic Communications .

It involves the protection of personal data, which covers both facts and opinions about an individual.

An instance of data protection legislation can be illustrated with the European Convention on Human rights, which provides for the right of respect to private and family life . It further provides that there shall be no interference by a public authority with the exercise of this right except such as in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well being of the country, for the prevention of disorder or crime, for the protection of health or morals or for the protection of the rights and freedoms of others .

This has implications relating to information about data of individuals in respect to how it is kept, processed and transmitted, this is so especially since misuse can lead to a breach of the aforementioned right.

Why do we need Data Protection?

Advances in technology has led to easier ways of carrying out daily routines, indeed, many activities which in the past required physical presence before a purchase could be made of a product, now only need the supply of personal details. While this is convenient, and has led to faster means of conducting business, it has also led to a rise in identity theft.

It is also to be noted that with the proliferation of business activity in relation to customer information, a number of organisations have sprung up which have identified the fact that information about a person can be of value to other organisations. This has led to a number of underhanded means of collecting personal information in what appear to be promotional information leaflets. 

Victims tend to fill these leaflets in only for this information to be collated and then sold to marketing companies. It is this type of activity that has led to the call and development of data protection laws leading to stiff penalties for organisations and individuals that breach them. Indeed, under the UK 1998 Data Protection Act it is an offence for a person, knowingly or recklessly, without the consent of the data controller, to obtain personal data .

To buttress this point further an individual named Alistair Fraser, trading as Solent Credit Control , pleaded guilty to offences of unlawfully obtaining and selling personal information in breach of the Data Protection Act 1998.

Mr Fraser had obtained the personal information of certain individuals by deception from the Department for Works and Pensions. He then sold the information to third parties. He was found guilty and fined. A feature of this case is the fact that it was brought to court by the Information Commissioner, thus showing that the Commissioner is prepared to use enforcement powers to combat and discover agencies that illegally obtain and sell personal information.

In the United States organisations that violate data protection legislations relating to privacy of information are severely punished. In the case between United States of America (for the Federal Trade Commission) v. Hershey Foods Corporation: Mrs. Fields Cookies and Hershey Foods Corporation each agreed to settle Federal Trade Commission charges that their Web sites violated the Children’s Online Privacy Protection Act (COPPA) Rule by collecting personal information from children without first obtaining the proper parental consent.

Mrs. Fields are to pay civil penalties of $100,000 while Hershey will pay civil penalties of $85,000.

The separate settlements also bar the companies from violating the Rule in the future.

 The COPPA Rule applies to operators of commercial Web sites and online services directed to children under the age of 13 and to general audience Web sites and online services that knowingly collect personal information from children under 13. Amongst other things, the Rule requires that Web site operators obtain verifiable consent from a parent or guardian before they collect personal information from children.

In the world today, information and communications technology (ICT)has become the driver of world economy, this is because we are in the era of knowledge based, we have passed the industrial age, the Agricultural age and what have you. Frankly speaking the future of any nation today is based on how they are able to embrace ICT for development (ICT4D).This development comes with it an attendant benefit in job creation and economic growth.

In developed nations, they have advance in many of these things because they have the enabling environment not that they are more intelligent or better endowed intellectually than Nigerians, this is quite obvious when we see Nigerians who leave the shores of this nation and become great names in IT abroad.

With a lot of opportunities in ICT, Africa especially Nigeria which houses the largest number of black people in this part of the world is not known for any good thing ICT wise, that is the way the outside world sees us but today the story has gradually changed as we celebrate the Youngest Microsoft Certified Professionals (MCPs) in the world produced from a leading IT training centre in Nigeria called New Horizons.

New Horizons has been in the fore of human capacity development through IT training. They have been rated by IDC as the number 1 ICT Training centre in the world and no wonder they were able to achieve this feat. They are also credited to be the first to integrate ICT certification-based training into secondary and tertiary institutions.

Little Master Tamilore Adekunle-Bello and Little Miss Mayode Oluwaremi both aged 8, pupil of Dansol nursery and primary school, Ikeja, Lagos are the Youngest Microsoft Certified Professionals in the world today. They got this brilliant achievement at MCP exam they sat on Saturday, 26th June, 2010.This is worth celebrating.

In an event where the two kids where honored recently in Lagos, the CEO of New Horizons, Mr. Tim Akano whose passion for youth development through ICT training was quite obvious in his narration of his experience and how he has decided to make a change in the lives of young Nigerians who he said are the future of the country through New Horizons training centers across the country. He stated that Nigerian kids have great potentials if only they could be directed aright through IT Empowerment.

In a related development, the Director of the schools, Madam A.A.Akinyemiju said they she wasn’t surprise that the school has produced the youngest Microsoft Certified Professional because it is in life with the vision of the school is  to train children who will stand out and be different to make a difference. She was happy that the partnership with New Horizons and Microsoft in this wise has produced a world feat worth celebrating.

In his comments at the event, Mr Dayo Talabi, the Business development manager (schools), New Horizons stated that New Horizons are determined to produce even more kids and youths that are IT professionals through their several programs at the centre. In a chat with the kids, I personally saw the intelligence of these kids and how conscience they were about the feat they have achieved through their speeches at the event.

In deed, this is worth celebrating as New Horizons has produced the world’s youngest Microsoft Certified Professionals in the world….Let the world stand up for us….

More importantly, we can do more if the enabling environment is provided for the youths of this nation.

Taking this further, in the next 10 years what will be the major source of revenue and economic development for our people? It is one of such questions that every selfless Abian should ask especially the government of the day.

I am aware that right now we might be politically disadvantaged, and that in itself has a huge effect on the developmental plans and processes. But we can do something about it! Yes we can! That is the essence of this writing.

Come to think of it, are we really aware the age we are in? It’s quite clear that we have Agricultural and Industrial prowess and potentials in the state, but for all these years where has that led us to? We have passed the Agricultural and Industrial ages, these two development channels for better result, are now driven by Information and Communications Technology (ICT).

This is information driven age, the knowledge economy, the digital knowledge democracy (DKD) should be enthroned in the state.Like Chief Leo Stan-Ekeh, the CEO, Zinox Technologies will always say, that with Information and Communications Technology, the rich people of today will be the servants of the poor kids of today who will embrace ICT in the near future and will become the smart kids and leaders of economies tomorrow. In essence, ICT is able to turn a poor State into a rich State, a poor country to a very rich country. Chris Uwaje, a leading ICT impresario in Nigeria in his book: e-Knowledge: Time is running out! said “Information Technology is an embodiment of the biggest and most complex market known to man in the 21^st century”. So the opportunities are limitless with ICT.

 It is unfortunate that the government over the years has not developed a thought-out plan of development for the state especially in the area of Information and Communications Technology which is the major driver of economies.

Information and Communications Technology (ICT) empowerment is a major tool for economic development. Our youths who are the future of the state, should be empowered with ICT skills.

ICT empowerment simply, is the ability to equip oneself with the latest ICT skills available around the world today in such areas like computer engineering, mobile technology, the internet, telecommunication, information technology and others, with the objective of improving ones standard of living, provide jobs for the unemployed and build the economy on the long run.

Information and Communication Technology has been in recent years the major tool used to drive economies in countries like China, Sweden, Malaysia, Singapore, India, Korea among others.

The Way Forward

As a matter of urgency, a lot needs to be done for us to harness or get the benefits of an ICT empowered state.

 I applaud what the Kano State government is doing in building an ICT park in their state, Ogun State has also embraced ICT in no small measure in different areas of its economic growth and development, Anambra State on its own part is right now partnering with Microsoft to give its secondary schools basic ICT training, Akwa-Ibom State also has an ICT plan for their people, even Bayelsa state has been training their youths abroad in ICT,and many more who have started doing positive things with ICT, ours should not be different. We should learn from them.

But first, the government of the state should facilitate the development of a thought-out plan and strategy for the state in terms of ICT Development.

An ICT development blueprint for the state is urgently needed. This will outline the road -map for a lasting ICT development in the state, which will include among other things the building of ICT centers in every local government areas, Secondary Schools and Tertiary institutions where people will be trained in computer appreciation, software engineering, system networking, systems engineering, GSM technology, database administration, communication technology, information management, web technology, internet marketing and many others. We need ICT institutions in the state; we really have a dearth of professionals in these areas. Professionals in these areas are being sought after in the world today and great opportunities abound in the area of outsourcing of technology.

To supervise this development, an effective ministry of ICT should be in place and equipped to perform these functions.

Having said that, am fully aware that the government cannot do it alone, what government needs to do is to create the enabling environment and begin to woo private investors both foreign and local into the state to partner with her on ICT development for the state.

This is the opportunity for our people at home and in diaspora to contribute meaningfully in making Abia an ICT empowered state, we all will reap the dividend of this knowledge democracy and our people would have been emancipated from perennial poverty because no matter where you live today, there is no place like home!

This is the change we yearn for, and the time to make that change is now!

at the WAFICT Conference/Exhibition in Lagos.

We are once again opportune to be part of another session of the WAFICT Exhibition/Conference. The timing is particularly significant given that our industry is experiencing considerable transformation. Change is afoot at the Nigerian Communications Commission, NCC; as is the reality that two major players’ submarine optical fibre cables would be open to traffic to and from these shores; our government is right about now putting a revised Communications Policy together; and at ATCON, we have recently sworn in a new Executive Committee. So as far as positivity goes, there is hardly a better time to be here as we ride on the crest of a wave geared towards moving our industry to the next level.

In the realm of telecommunications development, as the saying goes ‘a lot done but a lot still to do’. The Nigerian market, by all indication, is not a blank canvass. However it is necessary, as we ride this wave, to address certain structural and infrastructural problems that might give the illusion or may be presented as if we have a saturated market on our hands.

Nevertheless, the advantages of cross-border trade especially for the medium and long term future gives cause for optimism – but only if, in the short term, we lay down plans and our modus operandi.

In relation to WAFICT, we can quite confidently say that given what the organizers have recorded in terms of its reach and potential effect, in the context of their set objectives, it is our view that with a well managed collaboration with other proven local initiatives, we should now be in a position to escalate our intentions to the International Telecommunications Union, (ITU), that under its auspices, Nigeria wishes to host a world class Telecommunications Expo. We must galvanize support as well as call on our officials in the Ministry of Information and Communications to begin to make necessary representation at the global level that we are ready to host the 2018 edition of ITU’s World Telecommunication Development Conference, WTDC-18.

I will also like to seize this opportunity to outline the focus of ATCON in the immediate future. We will continue to be a driving force of inspiration amongst all players as we attempt to meet the aspirations of our industry.

It is time we managed both volume and content of our traffic to ensure that we get the best returns from our investment. In this regard, we invite all members of ATCON, indeed all telecommunication firms in Nigeria to commence the domestication of their domain identity in cyberspace. ATCON to this end has taken the lead in migrating its own identity to atcon.org.ng and all other things related to that have been domesticated in the new Nigerian domain.

In due course, we shall provide the necessary guidelines to our members on change processes which will enable all of us take advantage of the tomorrow that we are seeing very clearly at this time.

We also invite our members to take advantage of our new structure which empowers the sector unions of our Association to ensure that they effectively manage their internal resources and challenges based on reciprocity of support between them and the central national body.

We commend the Hon. Minister of Information and Communications for the ongoing revision of the National Communications Policy. The fact that the terms of reference for the review committee starts with the premise that the policy has moved from being a telecommunications policy to being a COMMUNICATIONS POLICY indicates a move in the right direction.

We also commend and congratulate the Management of Globacom and MainOne Cable for their mammoth efforts in opening up the mouth of their submarine cable to incorporate Nigerian traffic.

Being a paper presented by Dr Jimson Olufuye, ITAN President and Board member WITSA

1.0 Preambles

 I would like to thank the Director-General of NITDA and members of the eNigeria 2010 Planning Committee for inviting me to the Conference and to make a presentation on Strategies for Positioning Nigeria in the Global ICT Market. I would also like to use this opportunity to thank all my professional colleagues that worked relentlessly on the Nigeria’s ICT4D Plan and on the revised National Information Technology Policy.

 In this paper, I’m to concern myself with the strategies for positioning Nigeria in the global ICT market.  In the normal sense of going to the market like the stock market, it presupposes that you have something that you want to sell. In stock markets, stocks are traded. If you have stocks to sell you simply go to the market and dispose them. The same thing applies for yam market. When you go to the yam market, it is expected that you have yams to dispose or you want to buy some. In the case of global ICT market, it means people have ICT products and services that they want to dispose to get an income or products and services to buy. In case of Nigeria, one then can ask, what do we have to sell in the global ICT market place? What peculiar competitive ICT advantage do we have that the world wants? (The answer is obvious nothing significant yet!)

 An old proverb says that ‘If you want to sell a rabbit skin, you do not talk about it until you have caught the rabbit’. However, I do know that in a Nigerian culture, long before the masquerades come out, the sound of the drum would have been in the air, loud and dominating. It is like preparing the ground and setting the pace for what to come.

 In this light, I subscribe to the strategy of deliberate positioning of Nigeria for reckoning in certain field of competitive advantage in the global ICTs marketplace in lieu of actual delivery.

 2.0 The Global ICT Market

 The global ICT market is worth more than US$4trillion according to the WITSA 2008 Digital Planet Publication. There are four Technology groups in the global ICT market namely: Hardware, Software, Services and Communications. The communications services and equipment group has by far the largest share of total ICT spending with about 45% in 2009. The services group has the second largest share at about 25%, while hardware and software hold about 18% and 12% of the market, respectively.

 The services sector readily guaranties economic expansion as it has the capacity to quickly expand and scale up more jobs. Nigeria is currently around 30% of its Service potential. A 78% Services level is critical to the attainment of the Vision 2020 target. Services component includes Business Process Outsourcing (BPO), IT consulting, Research, Education, Hospitality etc.

 There are six key drivers of the global ICT market. They are Innovation, Investment, Intellectual capital, Information flow, Infrastructure and Integration. Nations desirous of playing major role/s in the global ICT market place must engage the six ‘i’s above to be taken seriously.

 2.1 Questions

The questions can then be asked; In what Technology Groups are we now? …. And in what Technology Group can we play?

2.2 Answer

 In BPO and Software development!

 2.3 Why?

 We have the key ingredients in abundance viz

 1.   Human Capital. More than 150m people with vibrant youth population.

 2.   Language advantage. English language

 3.   Geographic location: Same time zone with Europe. So real time processing practicable. And to the United States just 5-6hrs difference.

 4.   Investment: World Bank ICT Project funding to the tune of about US$180m, National Information Technology Development Fund, EU funding support and massive private capital.

 2.4 Drawbacks

1.   Absence of critical mass of talent, skills and competencies

 2.    Infant process-people-technology (PPT) cycle. This needs to mature. For Example- there is no certified company in Nigeria on the CMMI model- which is a global process and quality standard for Software Companies

 3.   Poor Electric power. This drives high the cost of doing business

 4.   Lack of instrument of law

 2.5 Solution

ITAN has partnered with a QAI Global (a global leader in Process, Quality and Operational Excellence Consulting and Workforce Development) to prop-up our PPT curve into maturity in the area of IT/BPO services. World Bank has engaged Hewitt (another leader in BPO industry development) to step up our BPO industry to attract big BPO businesses to Nigeria. The BPO service industry is a US$500b market and it is ONLY about 25% engaged.

 The leading BPO nations India, China, Malaysia, and Philippines etc are getting increasingly expensive and it’s time to explore cheaper opportunities as business is concerned with minimizing cost and maximizing profit. South Africa and Egypt are current African leaders in BPO. However, if we rejuvenate the momentum, we can readily come from behind to lead again just as we did in telecoms from 0.05% to 50% density in less than 10years. ITAN and QAI are ready to partner with NITDA and key stakeholders for critical PPT service excellence and workforce skills.

 The issue of electric power did not stop the telecom sector why should it stop the IT/BPO sector? The alternative being the generators, turbines and independent power are to the rescue. The omnibus Senator Iya Abubakar IT Bill which handles cybersecurity/ cybercrime, electronic evidence and digital signature may be lobbied to passage.

  WE MUST GET IT RIGHT AGAIN IN IT/BPO services!

 3.0 Importance of Positioning

Position determines relevance, prominence and leadership. Position can be likened to visibility. The more visible you are the more your degree of influence, reckoning, value and dependability. These are critical to business.

  If we truly want to be one of the 1st 20 biggest economies in the world by the year 2020 (V20-2020[3]), we must seriously begin to position ourselves for digital competiveness.

 3.1 Rand Corporation Report

 According to a recent Rand Corporation report: “For the past 30 years advances in biotechnology, nanotechnology, materials technology and information technology have advanced at an accelerated rate with no signs of abating.  The technology in 2020 will integrate developments from multiple scientific disciplines in ways that will dramatically impact the quality of human life even more than can be imagined today.  It is sure to change the face of work, education, economics, energy, the environment, medical care and global political power.

 Rand points out however that this technology revolution will play out differently around the world as not all countries will be capable of taking advantage of it.  Some countries will not be capable because they will not have the necessary infrastructure or resources to integrate the technology applications within their societies.

 We have entered into a new global, knowledge based economy- where independent economies have merged into an inter- dependent economy.  We are witnessing an ongoing process by which regional economies, societies, and cultures have become integrated through a globe-spanning network of communication and trade enabled by Information and Communications Technologies (ICT) thus recognizing that ICT is THE key driver of global economic growth and development.  Almost everything that we know and do today is about to change again and again.

 It only stands to reason therefore that those economies and societies that are not fully engaged and integrated into the global economy by embracing ICT will surely fall further and further behind those that are. 

 To make matters worse, the rapid rate of change is making it more difficult to catch up.  So the longer economies delay the more difficult it will be for them to catch up. 

 SHOULD WE STILL DELAY?

 3.2 World Economic Forum

 In 2009, the World Economic Forum reported that Information and Communications Technologies are increasingly moving to the core of national competitiveness.  Deductively, unless a country embraces ICT as its key enabler and centers ICT at its core of operations in all aspects of society it is near certain that in this new age these countries will not be able to compete. 

 4.0 Strategies for positioning Nigeria in the global ICT market

Our respectability in the global ICT market depends on what we do and what we do not do.

  4.1 What is it that we must not do?

 1.   We must not standby and allow the digital revolution pass us by

 2.   We must not be an on-looker.

 3.   We must not allow internal wrangling to slow us down

  Let us be determined to move forward!

 4.2 What do we do?

The bottom line with regard to whatever we do is to create jobs and enhance the prosperity of our people. Here are a few things I think we must do:

 1.   Have an IT Policy to set direction

 2.   Have a strategic plan of action to develop the industry – ICT4D[4]

 NITDA must proactively engage ICTs with solid strategic plans in phases to drive Vision 20-2020. There should be a Committee or a group (powered by NITDA) charged with this task. If there is none in place, ITAN hereby volunteers to join the group that would make that possible whenever it is constituted.

 3.   Concentrate on low hanging fruits: That is BPO, software development, African contents development just as with Nollywood etc. We must boost our service sector.

 4.   Enact laws to assure confidence in the economy. The omnibus Senator Iya Abubakar bill may be revived. (The above Committee or group can be charged with this mandate as well.)

 5.   Stream line taxation. Multiple tax regimes cripple business.

 6.   Generate industry data. Data is the life blood of any digital economy after human capital. If there is no data, you cannot measure progress and if you cannot measure progress then you cannot attain your goals talkless of your vision.

 7.   Create IT Public-Private Institute. NITDA as an IT development agency needs to push for the creation of what I can call its research and innovation arm – the IT Public Private Institute (IPPI). NITDA needs this institute akin to Digital Bridge of Nigerian Communications Commission (NCC) to focus on research and innovation that shall be the blazing engine for the fulfillment of its development mandate. The IPPI should engage mostly PhD holders to assure research and innovation quality and integrity. It could draw strength from works of innovation scattered around research institutes around the country and also collate and provide cutting edge training methodologies and contents to University dons who will in turn impact knowledge of current technology tools and practices to students who are the supply line for the service sector and the general ICT ecosystem.

 8.   Use NITDEF fund to

 i.       build awareness amongst Nigerian IT organizations regarding various aspects of Operational and Business Excellence

 ii.     Assist IT organizations to develop and implement a comprehensive ‘Operations Excellence’ roadmap that enhances their global competitiveness.

 iii.   Deploy global frameworks, standards and certifications for the IT industry such as: Capability Maturity Model Integration (CMMI®), People Capability Maturity Model (PCMM®), ISO 20000, ITIL, CoBIT, 6-Sigma and others, in order to improve competitiveness, attract outsourcing  opportunities, and promote Nigeria as a ‘high quality ICT destination’.

 iv.   Create and implement industry wide projects for ‘Enterprise Capability Building’ in areas such as, but not limited to Software Process Improvement, Business Process Improvement, Outsourcing Management, Quality Management, IT Governance, Innovation Management, Human Capability Management, Program & Project Management, Software Engineering, Software Testing Centers. Create workforce development initiatives such as training and certification of students and working professionals in the IT-BPO industry, and upgrading of University curricula as well as Professors, for creating mass-scale pool of industry aligned and ready graduates, and working professionals.

  Egypt for example has already taken several initiatives in the above areas, where all the stakeholders in the ICT ecosystem are working together (such as the Ministry of ICT, Ministry of Education, local industry association, IT/BPO companies, Training companies etc. are working together towards building capacity and positioning Egypt as an Outsourcing Destination.

 The strategy has delivered results, with several global MNC’s such as IBM, Oracle, Vodafone, Microsoft, etc have set up operations, investing capital and generating employment, while Egypt is touching 1 billon USD of IT/BPO exports.

 9.   Be visible. There is need to engage international trade bodies like the World Information Technology and Services Alliance (WITSA), Computer and Electronic Association (CEA) etc as a way of attracting more visibility. ITAN is already a member of WITSA. NITDA can leverage on this to become a global partner of WITSA. The US, Malaysia, MexicoIT and Taiwan are members already. Global partnership with WITSA has enhanced in no small measures the economies of such partners. For example, the partnership gave Malaysia an unprecedented leap as a major BPO destination in the world behind India and China. I am glad that NITDA will be present at the upcoming World Congress on IT (also known as the ICT Olympics) in Amsterdam. It is a veritable environment to begin to position Nigeria as a serious destination for BPO. Though there is no plan to have Nigeria country pavilion and displays but it would be a good presence all the same.

 5.0 Conclusion

 With our positioning strategy in view, I hereby in conclusion propose that NITDA

 i.       Becomes a global partner of WITSA, CEA and other important global bodies

 ii.     Set up an IT Public-Private Institute (IPPI) to drive the IT Public-Private Forum and spearhead NITDA research and innovation drives. The IPPI is expected to be the blazing engine for NITDA in the fulfilling of its developmental mandate.

 iii.   Sponsor trade missions for Nigerian hardware and software companies overseas

iv.   Hold West African IT trade exhibitions for Nigerian IT services and products in collaboration with key trade associations

 v.    Use the NITDEF Fund to assist IT companies build Operational and Business Excellence and some promising software companies to achieve international certification such as CMMI for global competitiveness.

 vi.   Projects to host the Global Public Policy Summit by 2016 and

 vii. Projects to host the 2020 edition of the World Congress on IT – WCIT 2020.

 Again I say, if Nigeria in less than ten years could record the telecom revolution, then there is nothing stopping us from cheetapolevaulting with ICT by the year 2020.

 Let us make the Digital Nigeria happen. Let us make it a reality as WE WORK TOGETHER!

The report has been confirmed by Globacom Nigeria Ltd.

 We are concerned about the fundamental issue of the responsibilities of Nigeria to the investment of its citizens who have, against all odds, made a concerted decision to invest  in other countries either as part of multinational consortia or as local companies of their host industry.

In an era of increased geo-economic co-operation amongst countries, this unfortunate development is beyond being a Globacom’s issue but has been elevated to being a Nigeria’s issue. Given the Africa’s litany of geo-political squabbles, it is imperative therefore that Nigeria must commence to give practical support and incentive to the investment of Nigerians who invest in other countries.

It is herby brought to public attention that the Association of Telecommunication Companies of Nigeria, ATCON has begun consultation by canvassing detailed opinions on the business, regulatory and legislative dimensions of the matter with appropriate authorities.

The Association is about seeking the attention of the Honourable Minister of Information and Communications on this development and to requests that in the interest of pan-African development, she impresses on the Presidency the need to open up discussion with Ghanaian authorities immediately to ensure that Globacom’s investment in Ghana are supported and protected to avert the prospect of the withdrawal of its investment.

Many have argued that Facebook is a major distraction at work place, making many not to work but to Facebook.Even if they are restricted from visiting the website on their computers at work; their mobile phones are readily available to update their status on it. The site is so addictive that most people have considered it a time-waster, yes, but I personally think otherwise because I cannot get online without going to my Facebook so is many.

The truth is you have to be focused on what you want from the site because if you don’t know how to use this medium to your advantage it can be a big time waster especially taking up reasonable man hours that would have been used in productive venture at work. The addictive nature of the website has made it impossible for people to do without it. So what do you do as to profit from this necessary evil if you want to call it that?

This article is meant to help you understand how to use Facebook to your advantage. I can rightly say here that the best thing to do is to get an Internet Marketing Consultant to incorporate Facebook into your marketing strategy through a thought-out plan.

Social Networking and Social Network Marketing

The fact remains we deeply, innately, in every aspect both in professional and personal life need to be connected. We naturally form social or business groups based on affinities and expertise. We gravitate to others with whom we share interests. Most of us belong to real world networks that formed organically. Not surprisingly, these days such networks have rapidly migrated to the online world. New technologies are playing a big role in our ability to connect with people and also stay connected. We now live in an inter-connected or wired world where success can be attained based on the amount and quality of people you know who also know you and have interest in what you do and our personality. This is the social media era.

Social media are new communication tools for businesses to leverage on to promote and build their brands, such tools and applications are Facebook,twitter,linkedIn,wiki,blogs,mobile apps etc.
They help businesses reach, engage a large number of potential buyers who will in turn reach back to you immediately making the media very interactive, They are effective and also inexpensive. This has lead to a method of marketing your brand using these social networks called Social Network Marketing (SNM).

Social media marketing is basically centered on efforts to create content that attracts attention, generates online conversations, and encourages readers to share it with their social networks. The marketing message spreads from user to user and resonates because it is coming from a trusted source on the network, as opposed to the brand or company itself.

Major corporations like Coca Cola, Apple, Dell, and Pepsi etc are actively involved in social media marketing in promoting their brands. One Nigerian brand that is fast leveraging these social media is GTBank.I see their presence on Facebook, wikipedia, Youtube, flickr etc.Have you watched the recent Pepsi advert for FIFA 2010 World Cup in South Africa on Youtube? That advert has been viewed by several millions of people within a short period surpassing any TV viewership over the same period of time; this is the power of social media which I want your organization to use.

In case you don’t know…

Facebook is the fastest growing social networking website on the Internet today with over millions of users world wide, founded by Mark Zuckerberg in February 2004 with fellow computer science major students and his roommates Dustin Moskovitz and Chris Hughes at Harvard University. It is a free-access website organized by city, workplace, school, region to connect and interact with people. With the young and upwardly mobile population of the society as active users of the portal.

Looking at the impact of Facebook on its users, it is highly regarded as the new media, which affords great interactivity and personalization.

Let’s Do Facebook (Strictly for Business)

Facebook as a social medium affords the opportunity for individuals, businesses, organizations to network with friends, fans, customers, prospects and people from different countries and backgrounds, by sharing personal information, pictures, videos, articles etc. It has the ability to connect your business with customers and also to your customers’ friends. This is the viral nature of Facebook which businesses should leverage on (read up the principle of viral marketing in my book: How to Create Unlimited Internet Wealth

This has lead to a new method of promoting businesses and brands online known as social network marketing; this is quite effective because the platform helps businesses to engage with customers and prospects directly.

It can be difficult for businesses in Nigeria to figure out how this great marketing tool can help them, because of lack of this information on how businesses can leverage the strength of Facebook to drive traffic to their businesses Facebook can help your business have new customers who are searching the product or services you offer, like I have always said, people get online searching for a solution to their problems, the platform with its tools and applications helps you connect and engage the customers with your brand, you can also create a community around your business, it helps you promote your website, articles, product, services, events, articles, contact and other things which will boost your business.

 Create a Facebook Page for your Business

To start promoting your business on Facebook, the first step is to create a Page for your business; this is quite different from a personal profile. Do not create a personal profile for your business. Profiles are for people, Pages are for businesses. Facebook is building significant new functionality for businesses, and all of this functionality is only available to Pages.

There are a few differences between Business Pages and Personal Profiles:

Pages allow you to designate multiple administrators, so that you can have multiple people help manage the account, and if one of your administrators leaves the company, you can still have control over the Page. Pages are, by default, public and will start ranking in Facebook and public search like Google.com.Bing.com results. Pages are split into different categories (local businesses, brands, musicians) that help you get listed in more relevant search results. Personal profiles have friends, which require mutual acceptance, whereas anyone can become a fan of your Page without first going through administrator approval.

A Facebook page for your business serves as the hub of your marketing presence on Facebook, Facebook pages rank very high in search engines when you use relevant keywords to your type of business, create an engaging page because the success of your marketing lies on that.

How to Create a Page

To create a page log on to www.facebook.com/pages/create.php. (You must be logged in to create a Page.) Fill out your Page like you would a Profile. Click on “Edit Page” or “Edit Information” on the Info tab to add information about your business like your website, a short description, products, mission statement, Vision and so on. Add your logo as the photo for your Page. Take advantage of some of the features of business Pages like the discussion board to engage your fans.

Choose a category. Most companies will be in the” Brand or Product” category. The category will help you rank in more relevant searches and provide relevant info fields on your Page. Choose a name for your Page. In most cases, this should be your company name. Now create your Page and click “Publish” button to make your Page public.

 As the administrator, your name and profile will not show up anywhere on your Page. You are the behind-the-scenes manager. When you post new information or respond to a discussion thread, it will appear to be posted by your company rather than you personally. You can designate multiple administrators as well to help with the maintenance of your Page. In addition to being the administrator of your Page, you will want to become a fan. Once you become a fan, you will be listed among all the other fans on your Page and all the Pages of which you are a fan will show up on your profile –giving your business more visibility to your network.

 Promote your Page

You do not just create a Facebook page for your business and leave it at that; you need to continuously promote your page for more users to become your fan. You need to engage your fans too until they become your customers. Facebook has over 33,000 applications that can help you do this more effectively.

 Always update your profile with fresh pictures, videos, add interesting content to your page. Add poll, contest, and articles to your page. Leverage the viral nature of Facebook through the news feed which gives you update of your fans and friends.

Send email to your existing customers and introduced your Facebook page to them. Blog about your Facebook page too.

 You can also integrate Facebook connect on your website; this will help increase your engagement with your fans by spreading information and updates about your visitors’ activities with their Facebook friends.

 Add Facebook share link to your website, this makes it easy for your customers to share information about your business with their friends.

 Create regular Facebook events for promotions you are running on your product or services, events you have that will be of relevance to your fans; the good thing about this is that the events page will be automatically promoted on your Facebook page for your customers, fans and prospects to see. With this you can determine the number of people that are interested in your product or service, the friends of your fans will also see such promotion.

 Continuously interact with your customers on your page, join in discussions and use that forum to answer any question they might have, for this to be effective, assign a staff that will be updating your page and interact with your prospect like I have explained.

Your business can sponsor the development of an application on Facebook, which will appeal to your fans.

 Advertise your Business on Facebook using Engagement Ads and Apps.

Advertising on Facebook helps you reach millions of people. Facebook ads allow you to promote your business, get more fans for your business Page, and drive more sales. To achieve the best result, your advert should be well crafted by an expert.

Measuring the performance of your ad campaign is easy. Facebook has built-in analytics to help track ad performance in terms of number of impressions, clicks, and click through rate.  Multiple ad variations can be run at the same time and ads manager helps you determine which ad deliver the best results for your business. This helps you get the best from your advert campaign.

 From the analysis you can measure the total number of fans, group members, and/or friends, level of engagement and number of conversations with potential and current customers and fans can also be determined. Facebook’s built-in analytics, Insights, lets you track valuable metrics such as page views, wall posts, discussion threads, and photo views.

 The overall marketing effectiveness of your page, the number of visitors from Facebook to your website that convert into leads and customers can be determined.

Following these metrics over time can help you measure the ROI of using Facebook and be more focused about how to use Facebook effectively to market your product or service. Some applications of Facebook can also help you advertise your product and service effectively.

I believe with this information you will incorporate Facebook marketing strategy into your existing marketing plan and explore this new medium for your business advantage. Contact me for further guidelines on how to use other social networks like Youtube, wikipedia to promote your business. So, is Facebook a Social Networking site for you and your business or a Social notworking site?

The nice part about doing the Cisco certification is that the information from there can be applied to so many other certifications. Even though it’s a vendor specific cert, the skills you gain will serve you well in thousands of situations. CCNA training allows you the ability for installations and operation of LAN, WAN, and dialup access services for small networks with 100 nodes or less.

The CCNA course includes, but not limited to use the different networking protocols such as Ethernet, Access Lists, Serial, IP, IGRP, Frame Relay, IP RIP, and VLANs. Cisco’s CCNA Prep Center Pilot offers simulations and sample questions, besides the e-learning modules and laboratories. Computer training includes also valuable tips from CCNA professionals, in addition to expert advice, and encouragement through CCNA certification success stories.

 CCNA training does not require any prerequisite and makes available many other resources to help students with the preparation of their CCNA certification exams. CCNA course, exams and recommended training include the Introduction to Cisco Networking Technologies (INTRO), the Interconnecting Cisco Networking Devices (ICND) or both. CCNA training and additional training, probably cover most of your career path expectations.

However, Cisco’s CCNA certifications are valid for 3 years, so it is necessary for additional computer training to re-certify. This is achieved by either passing the current CCNA exam at the moment of the original certification’s expiration, passing the ICND exam, passing the 642 professional levels. Presently, Cisco has introduced CCNA voice, CCNP voice, CCIE voice with also the security and wireless elements to the certification so as to encourage specialization.

After CCNA training your can also re-certify by passing the Cisco Qualified Specialist exam, excluding the Sales Specialist exams, or passing a CCIE written exam, which is a re-certify form valid for individual who had a CCNA certification starting from October 1, 2004. Cisco CCNA online training certification program, offers the same value, knowledge and skill earned on a traditional CCNA course, and it is a nationally recognized certification. With computer training online, you will gain knowledge of switched LAN Emulation networks, which are made up of Cisco original equipment. CCNA training online focuses the coverage of Cisco router configuration procedures, mapped to exam objectives in order to prepare you for Cisco Exam 640-801, in partnership with major universities and colleges offering as well CCNA certification.

I was privileged to under study in a Cisco academy in Zaria(Nigeria) together with some other medical doctors. These days as the voice technology is gaining ground , you can now obtain CCNA voice, CCNP voice or CCIE voice specializing in call centre set and stuffs like IP telephony. The Computer training program online consists of 2 sections; “Introduction to Network Engineering”, allowing the student to understand the world of network engineering, learning fundamental facts of data network theory and current technologies making the Internet tick.

The second section of the online CCNA course, “Practical Network Engineering”, is an approach to some of the most powerful networking technologies, involving extensive work on switches, Cisco routers, and firewalls in a simulated network environment, preparing students to earn the CCNA certification.

The CCNA is a starting point to do the more advanced Cisco courses such as CCNP (more advanced networking), CCSP (security, i.e. firewalls, VPNs, IDS, etc.), and then you get things like VoIP.

The CCNP exam is highly regarded and consists of 4 (if I remember correctly) exams, covering switching, routing, support and remote access, plus a few more topics. After getting your CCNA then you have to decide whether to major in design, implementation routing and switching which is the CCNP or major in security which is heavily theoretical and analytical like CCSP which I will discuss later or CCVP(voice).

 CCNP new modules will comprise of : 642-901 BSCI: Building Scalable Cisco Inter-networks ISR routers, updates to Cisco IOS? Software 12.4 routing protocol, routing authentication security, multicast routing, IPv6 642-812 BCMSN Building Cisco Multilayer Switched Networks High availability, new wireless LAN fundamentals for Airspace thin-client, voice, and Cisco IOS switch security 642-825 ISCW Implementing Secure Converged Wide-Area Networks Cable and DSL broadband access, Multiprotocol Label Switching (MPLS)/MPLS VPN fundamentals Cisco IOS Security featuring S2S VPN (IPsec and generic routing encapsulation/IPsec [GRE/IPSEC]), Cisco Easy VPN, Cisco IOS Firewall, Cisco IOS Intrusion Prevention System (IPS), Cisco AutoSecure, Role-Based CLI Access, and Cisco Security Device Manager (SDM) 642-845 ONT Optimizing Converged Cisco Networks Voice over IP (VoIP) fundamentals, techniques to address VoIP challenges, concepts and implementation methods for quality of service (QoS), wireless security standards, and Cisco wireless LAN (WLAN) networks Note combining a CCNP and an MSCE will make you a hot cake in the field of IT.

Start your CCNA then follow it up with the MCSE tracks one after the other and then round up with a CCNP. At risk of sounding arrogant, I believe CCIE (Cisco Certified Network Executive) is the mother of all certifications (You know you can’t go wrong with Cisco in networking).

And currently there are just barely over 13000 CCIE holders in the world. CCIE is very expensive and it is only given in selected locations. You pay $300 for the test and $1250 per lab for the lab test which is an 8 hours test .

You also needs a certain amount of experience to take the test and the test is multiple choice and hands on. What they do with the hands on, apparently, is to put you in a room with a bunch of devices and give you a scenario.

You are then supposed to create the network based on this scenario. When you are about half way through, they send you out of the room and then mess up what you have done and you are now supposed to troubleshoot the problem and fix it.

 Also, the certification is only valid for two years. When you are preparing for your CCIE, your neighbors will think you have gone crazy, just don’t let that bother you as you will be talking to yourself a lot. Even your wife may start suspecting something; just hold on- till you get there.

Once again, before taking any certification adventures make sure you are equipped with your COMPTIA A+ and N+ they are very easy to pass, from there anything can happen.

The CCNA tracks are very demanding and practical oriented. When the Cisco academy took off in ABU Zaria a lot of people fought for the forms including some few cute ladies in my batch studying drama. They were under the mistaken impression that since Cisco is a hot cake IT certification, Cisco certified personnel we be working in well ironed presidential suites wearing garish looking neck ties. But to their surprise we were always carrying cables, pliers, LAN tester and dusty patch panels around, and after our first module, two third of the class ran away. When you are working in an open standing switch or an open Linux box you use for routing, your neck tie could get trapped in a rolling fan.

 When I started working with my organization, I had the opportunity of designing and implementing a multi-floor LAN. At the site me and my crew were working parallel with welders, practitioners and some carpenters, you could hardly differentiate us, except if you look closely to figure out my original made washout Armani jeans or my Bruno Mali made shoes or probably if I am answering my black berry from time to time.

 Disclosing the guideline for this years event, the Executive Director of Digital Sense Africa, Mrs. Nkemdilim Nweke, said that this year’s theme of the forum, would centre on ‘Five Years of IGF, the Way Forward for Nigeria.’

She said that following the feat of the 2009 edition of the forum, it has become necessary to ensure that this year’s edition is held in April so as to make certain that those stakeholders planning to be at this year’s Internet Governance Forum would represent the interest of the nation’s internet community.

Mrs. Nweke also said that plans have advanced to ensure that this edition advances the objective further beyond what was achieved last year.

According to her, Nigeria Digital Sense forum offers stakeholders the needed platform to articulate a stand on Internet Governance and accurately align the nation’s position into the global Internet Governance Forum holding in Vilnius,

Lithuania between September 14 and 17, 2010.

She maintained that the forum was initiated as part of efforts at consistently galvanizing opinion and enlightenment on Nigeria’s position on the global annual Internet Governance Forum, which is in its fifth year.

You are therefore cordially invited!