When a bag containing a laptop, phone, and important documents was stolen in Lagos on Wednesday, January 21, 2026, a nearby CCTV camera captured the incident clearly. The suspect’s face and movements were visible, and within hours the footage had been shared on social media. In a post on X, a user identified as @Mobilliondollar, who said the stolen items belonged to her boss, wrote:
“The culprit was caught on CCTV. If you know him or have information, please contact 08130788485. Please help spread the word .”
The police did not release a name. No official database search was announced. Instead, the public became the primary tool for identification. Efforts by WikkiTimes to reach the victim for comment did not yield a response as of the time of filing this report.
Scenes like this have become increasingly common across Nigeria. From street thefts and shop break-ins to assaults and vandalism, CCTV cameras are capturing more crimes than ever before. Yet even when images of suspects are clear, identification often depends on public recognition rather than official digital systems.
This contradiction raises a fundamental Digital Public Infrastructure (DPI) question: why does identification still rely on public appeals in a country that has invested heavily in digital identity systems such as the National Identification Number (NIN)?
Seeing Crime, Struggling to Identify Suspects
Nigeria has made major investments in surveillance infrastructure. Private businesses, residential estates, and state governments increasingly deploy CCTV cameras as a crime-prevention tool. At the same time, the country has built one of Africa’s largest digital identity systems, with over 100 million Nigerians enrolled in the NIN database.
Under a DPI lens, both surveillance and digital identity are foundational systems meant to support public goods such as security, service delivery, and accountability. But in practice, these systems rarely intersect.
In Kano, popular Facebook user and restaurant owner Fadila H. Kurfi said she lost over N200,000 to a fraudster at her restaurant. CCTV footage captured the suspect, and she shared the video on Facebook, asking the public to help identify the individual. Multiple attempts by this reporter to obtain further details from Kurfi were unsuccessful, as she repeatedly promised to share her experience but had not at the time of publication.
Another Kano-based entrepreneur, Hidaya Ahmad Salisu, narrated how CCTV footage helped her family recover a stolen phone but only after a manual, community search.
“During Ramadan, while we were preparing to break fasting, some guests arrived. My mother went to the gate to greet them and placed her phone on a railing near the entrance. When she returned, the phone was gone,” she said.
After confirming the phone was not misplaced, the family reviewed CCTV footage, which showed two young boys, aged about nine and twelve, stealing the phone.
“One of the boys immediately removed the SIM card before they even left our gate,” Salisu said.
Her brother took the video to a mosque to identify the children. A friend recognized one of them, leading the family to the boy’s home. The boys later confessed and implicated their school principal as a receiver of stolen goods.
“We went with a police officer to the principal. He admitted to having the phone. In less than 24 hours, the phone had been wiped, the screen guard replaced, and the case changed to look new,” she said.
A formal complaint was filed, and the principal was detained for two days before the matter was resolved through the school’s head teacher, who expelled the boys. The phone was eventually recovered.
The case illustrates a paradox: visual data exists, but institutional pathways to turn it into verified identity are weak or absent.
What Nigeria’s Digital Identity System Was Built For
Nigeria’s NIN system was designed primarily to support service delivery, financial inclusion, and regulatory compliance. Today, NIN is required for SIM registration, banking and access to many government services.
However, it was not designed as a real-time criminal identification system. This is where interoperability with relevant authorities, in this case security agencies come in.
The National Identity Management Commission (NIMC), which manages the NIN database, has repeatedly stated that identity data is to be accessed only through authorized verification channels and not for indiscriminate use. The Commission has also warned Nigerians against sharing their NINs with unauthorized parties, stressing that misuse of identity data violates Nigerian law.
According to Dr. Kayode Adegoke, Head of Corporate Communications at the NIMC, the NIN is strictly for accessing government and private sector services through official channels and should not be shared with unauthorized parties. The Commission has reiterated its commitment to safeguarding the national identity database and works with relevant security agencies where legally appropriate, particularly to prevent fraud and data misuse.
While NIN was not designed as a real-time criminal identification tool, the NIMC has acknowledged limited collaboration with security agencies in specific contexts.
NIMC Director-General Abisoye Coker-Odusote disclosed that the Commission was working with the Nigerian Communications Commission (NCC) and security agencies to use NIN and SIM databases to track kidnappers and victims of kidnapping. She, however, declined to provide operational details of the collaboration, noting that identified gaps were still being addressed.
A data governance and digital security expert, Ahmed Idris explained that Nigeria’s CCTV infrastructure and national identity databases currently operate largely in isolation due to technical, institutional, and legal constraints.
From a technical perspective, CCTV deployments across Nigeria are fragmented. Surveillance systems are owned and operated by multiple actors, state governments, federal agencies, private organizations, and local authorities, using heterogeneous hardware, software, and data standards. Most systems are not centrally networked, lack standardized interfaces, and are often poorly maintained.
In contrast, identity databases such as the NIN system are centralized and highly sensitive, with strict internal controls that are not designed for real-time interoperability with external systems.
From an institutional perspective, there is no unified governance framework for data sharing among public agencies. Ministries, Departments, and Agencies (MDAs) typically operate in silos, and there is limited incentive or legal obligation to integrate systems. Data ownership disputes, bureaucratic resistance, and unclear accountability further inhibit interoperability.
From a legal and regulatory perspective, Nigerian law does not currently mandate or clearly authorize the routine linkage of surveillance data with national identity databases. The absence of explicit statutory authority, combined with constitutional privacy protections and modern data protection requirements, makes such integration legally sensitive and institutionally risky.
Technical and Legal Requirements for Interoperability
Enabling interoperability would require significant foundational investment, including standardized data architectures and interfaces allowing CCTV systems and identity databases to exchange data securely and consistently.
It would also require nationwide, functional CCTV infrastructure with reliable connectivity, centralized monitoring capabilities, and uniform operational standards, as well as advanced biometric and analytics systems such as facial recognition technologies capable of matching CCTV imagery with identity records.
Robust cybersecurity controls including encryption, access control mechanisms, audit logs, intrusion detection, and incident response capabilities would be essential. Without these elements, any attempt at integration would be unreliable and vulnerable to abuse or failure.
Legally, interoperability would require explicit statutory authorization defining when, how, and by whom identity data may be linked to surveillance systems, as well as clear data-sharing frameworks governing inter-agency cooperation.
Compliance with the Nigeria Data Protection Act (NDPA) 2023, which classifies biometric data as sensitive personal data and requires a lawful basis for processing, would be mandatory. Judicial or quasi-judicial oversight would also be required, particularly where surveillance data is used to identify specific individuals, alongside independent regulatory supervision by the Nigeria Data Protection Commission (NDPC).
When CCTV Leads to Arrests Without Databases
There are cases where CCTV footage has led to arrests, but often without digital identity matching.
In December 2024, the Rapid Response Squad (RRS) of the Lagos State Police Command arrested Ifeanyi Okonkwo, who was captured stealing a Samsung A15 phone inside an eatery in Ikeja. The suspect was apprehended when he returned to the same restaurant nearly a month later, and the phone was recovered from the buyer.
The case highlights how traditional policing methods, rather than digital identity databases, remain central to suspect identification in Nigeria.
Risks and Safeguards
The integration of CCTV systems with identity databases introduces substantial risks, including privacy violations arising from the aggregation of identity data with location and movement information.
It also increases the attack surface for data breaches involving immutable biometric identifiers, creates the risk of misidentification that may result in wrongful suspicion or detention, and raises concerns about “function creep,” where systems introduced for public safety gradually expand into broader, unregulated surveillance.
Linking national identity systems to surveillance infrastructure poses deeper structural dangers. Biometric identifiers cannot be changed once compromised, creating permanent exposure. Integrated systems may enable mass surveillance capabilities capable of monitoring individuals’ movements and associations without individualized suspicion, potentially producing chilling effects on lawful protest, political participation, and free expression.
Before any move toward interoperability is considered, comprehensive safeguards must be established. These include clear statutory limits on the scope and purpose of surveillance-identity linkage, strict purpose limitation, and mandatory judicial authorization for access to identity data, strong encryption and access controls, defined data retention periods, and independent oversight by the Nigeria Data Protection Commission.
Under the Nigeria Data Protection Act 2023, unlawful processing, sharing, or misuse of biometric and identity data may attract regulatory enforcement, including fines, corrective orders, and potential civil liability. Excessive or unlawful surveillance may also be challenged under constitutional protections relating to privacy, dignity, and freedom of expression and association.
Police and NIMC Responses
Efforts to obtain official comments from security agencies and identity authorities yielded limited responses.
The Nigerian Police Public Relations Officer, ACP Benjamin Hundeyin, promised to respond to inquiries on the role of CCTV and identity databases in criminal investigations but had not reverted as of the time of filing this report.
Similarly, efforts to reach the Kano State Police Public Relations Officer, SP Abdullahi Haruna Kiyawa for comment were unsuccessful.
Efforts to obtain comments from the NIMC were also unsuccessful. Calls and text messages sent to the Commission’s Head of Corporate Communications, Dr. Kayode Adegoke, seeking clarification on whether the NIN can be deployed in criminal investigations and under what legal conditions, were not responded to as the time of filing this report.
DPI Beyond Inclusion
Much of Nigeria’s digital identity rollout has focused on financial inclusion and service access. But DPI, analysts say, should also consider accountability and justice.
A well-governed DPI ecosystem would not necessarily mean automatic facial recognition or mass surveillance. Instead, it would involve clearly defined legal thresholds for access, court-authorized requests, audit trails and independent oversight and strong penalties for abuse.
Such measures, expert argue, could allow digital systems to support investigations while protecting civil liberties.
This report is produced under the DPI Africa Journalism Fellowship Programme of the Media Foundation for West Africa and Co-Develop.
