Moving target: Rather than Nigerian police investigate crimes digitally, they profile young men for torture and extortion


In Nigeria, the meaning of “tech” is rapidly changing. In the last year, data centres have been spreading all across Africa. In response, Lagos-founded MainOne – the largest ISP and data centre operator in West Africa – was acquired by Equinix for $320 million in 2021, with the hopes of expanding mobile broadband to the remaining 60 per cent of West Africans not yet connected.

The gig economy, from Airbnb to ride-hailing apps, offers opportunities for Nigerians to work with flexible hours. And there are now over 716,000 professional developers across Africa, a 3.8 per cent increase from the last year, with many local businesses moving online and the pandemic spurring a global demand for remote tech talent.

Still, there are many areas where this narrative reframing has not yet caught on. For years, upward mobility in Nigeria has been eyed with suspicion by Nigerian police, who have long harassed workers fitting the profile of young scammers.

In Rest of World, software developer Kofoworola David-Okesola described an incident in which he was ambushed by the federal Special Anti-Robbery Squad (SARS), which confiscated his belongings and interrogated him about his online activities.

“Why do you have multiple Gmail accounts?” one of the officers asked him at gunpoint. “Where did you get money to buy a MacBook? And what do you do for a living?”

The SARS police force was founded in 1992 as a masked unit to investigate and prosecute violent criminals. When cybercrime started becoming more common in the 2000s, the unit began focusing on prosecuting potential cybercriminals.

Rather than investigating crimes digitally, however, the unit took to profiling primarily young Nigerian men on the streets and using methods of harassment and torture to extort those they deemed suspicious, according to Amnesty International Nigeria programme manager Seun Bakare.

In a 2020 report by Amnesty International, the unit was found guilty of 82 counts of illegal stop and frisks, arrests, sexual harassment, and extrajudicial killings. Young men between the ages of 17 and 30 were at the highest risk of extortion, with many of the victims accosted at public venues and falsely accused of engaging in online fraud.

On October 3, 2020, a video was taken of a SARS police officer shooting a young Nigerian man in Ughelli after accusing him of cybercriminal activity. The video began trending on Twitter, resulting in nationwide protests organised with the #EndSARS hashtag.

Young tech workers demanded the government investigate and prosecute all forces involved in police misconduct. In response to the public outcry, SARS was decommissioned, along with several other tactical police units. Given the government’s history of inaction, however, many Nigerians are still sceptical as to whether this constitutes an adequate response to police brutality.

While arrests such as Medayedupin’s may be praised abroad, the reality is that promoting a cybersecurity culture that celebrates arrests like these only incentivises the Nigerian police force to focus their efforts on finding and prosecuting individual criminals, rather than addressing the problem of cybercrime at large.

Cybercriminals often interact in tight networks, operating thousands of servers, hosting domains, and databases distributed across an international team. Prosecuting a single criminal at a time is a drop in the bucket compared to the impact of identifying these wider networks of criminals, many of whom communicate on publicly accessible platforms such as Facebook and Discord.

Beyond the socio-political repercussions, continuing to criminalise and police Nigerian users necessarily impedes a shifting narrative. In response to freezing 281 Nigerian cryptocurrency accounts, Binance CEO Changpeng Zhao issued a public statement that revealed the company’s continued wariness toward the Nigerian market.

“User security remains our top priority,” he wrote. “We love and are devoted to our Nigerian community, but we must ensure that our users are safe.” Nigerian accounts also remain banned from Coinbase despite the country’s status as the leading market for venture capital in Africa.

With the rapid growth of Nigeria’s tech ecosystem, young workers today are facing far more lucrative opportunities than in the past. Mobile data adoption is up, and as the successes of Paystack and Flutterwave have indicated, users are more willing to trust digital payment systems. Yet cybersecurity providers remain focused on fraud as a heuristics-based problem, building solutions with bias against an entire demographic.

Although heuristics can work in fraud detection, they must be sufficiently tuned to not flag numerous non-suspicious transactions. It’s clear that many security providers today are not putting in the work to distinguish between non-suspicious activity from Nigerian accounts and the behavioural patterns of scammers.

Fraud detection services continue to screen transaction data by GeoIP, block Nigerian-originating users, and advocate for scam-baiting and vigilantism as the primary means of addressing cybercrime. Stronger indicators of fraud, such as IP history, failed verifications, mismatched user data or activity inconsistent with user history – detections based on user behaviour rather than identity – can provide a more holistic way to identify fraudulent transactions.

Beyond the bigotry of subjecting entire ethnicities to large-scale policing, fixating on short-term gains is an ineffective strategy for actually reducing incidents of cybercrime. Though a large volume of attacks may originate from Nigeria, overfitting models to parameters not associated with cases of fraud simply yields poor detection.
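The contrast between a GeoIP block and the behavioural indicators listed above can be made concrete. The following is an added example, not taken from the original report or from any vendor's product: the transactions, field names, weights and threshold are all constructed assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Txn:
    country: str               # GeoIP country of the session
    ip_seen_before: bool       # IP appears in this account's history
    failed_verifications: int  # failed identity checks on this attempt
    data_mismatch: bool        # submitted details differ from account record
    amount: float
    typical_amount: float      # typical past amount for this account
    fraud: bool                # ground-truth label (constructed)

# Constructed sample: three legitimate and one fraudulent Nigerian sessions,
# two fraudulent sessions from elsewhere, two legitimate sessions from elsewhere.
SAMPLE = [
    Txn("NG", True, 0, False, 40, 50, False),
    Txn("NG", True, 0, False, 120, 100, False),
    Txn("NG", False, 1, False, 60, 55, False),   # new IP only, e.g. travelling
    Txn("NG", False, 3, True, 900, 50, True),
    Txn("US", False, 2, True, 700, 80, True),
    Txn("GB", True, 0, True, 1500, 90, True),
    Txn("US", True, 0, False, 30, 35, False),
    Txn("GB", False, 0, False, 45, 40, False),
]

def geoip_rule(t):
    """Identity-based heuristic: flag purely on country of origin."""
    return t.country == "NG"

def behaviour_score(t):
    """Sum of behavioural signals; weights are illustrative assumptions."""
    score = 0
    score += 1 if not t.ip_seen_before else 0            # IP history
    score += 2 if t.failed_verifications >= 2 else 0     # failed verifications
    score += 2 if t.data_mismatch else 0                 # mismatched user data
    score += 2 if t.amount > 5 * t.typical_amount else 0 # out of pattern
    return score

def behaviour_rule(t, threshold=3):
    """Flag only when several independent signals agree."""
    return behaviour_score(t) >= threshold

def evaluate(rule, txns):
    """Count true positives, false positives and missed fraud for a rule."""
    tp = sum(1 for t in txns if rule(t) and t.fraud)
    fp = sum(1 for t in txns if rule(t) and not t.fraud)
    fn = sum(1 for t in txns if not rule(t) and t.fraud)
    return {"tp": tp, "fp": fp, "fn": fn}

if __name__ == "__main__":
    print("geoip    ", evaluate(geoip_rule, SAMPLE))
    print("behaviour", evaluate(behaviour_rule, SAMPLE))
```

On this constructed set the GeoIP rule blocks three legitimate users and misses both fraudulent sessions that originate outside Nigeria, while the behavioural rule flags all three fraudulent sessions and no legitimate ones.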

It may be easier for companies to lean on tried-and-true heuristics, but these methods are not sustainable in a rapidly developing ecosystem. Companies that continue to address fraud with quick patches will lose out on customers from the largest emerging markets in Africa – as it turns out, users are also aware of the repercussions of using services that actively discriminate against them.

It’s evident how a biased mentality arises from the industry: according to the 2020 (ISC)² workforce study, only nine per cent of cybersecurity professionals self-identified as Black. Within an environment so lacking in diverse leadership, there are few incentives to change the status quo.

Regardless, the narrative must change. Barring the harms of perpetuating systemic racism within the United States’ justice system, increasing surveillance of African and African diasporic individuals will only further reduce access to financial and communication channels for the individuals who need them the most.

  • A Wired report