[ Back ] [ Bottom ]
92_HB1075
LRB9206094JSpc
1 AN ACT concerning electronic commerce.
2 Be it enacted by the People of the State of Illinois,
3 represented in the General Assembly:
4 Section 5. The Electronic Commerce Security Act is
5 amended by changing Section 10-105 and adding Sections 5-106,
6 5-107, 5-108, 5-109, 5-111, 5-112, 5-113, 5-114, 5-116,
7 5-117, 5-118, 5-119, 5-121, and 5-122 as follows:
8 (5 ILCS 175/5-105)
9 Sec. 5-105. Definitions.
10 "Agreement" means the bargain of the parties in fact, as
11 found in their language or inferred from other circumstances
12 and from rules, regulations, and procedures given the effect
13 of agreements under laws otherwise applicable to a particular
14 transaction.
15 "Asymmetric cryptosystem" means a computer-based system
16 capable of generating and using a key pair consisting of a
17 private key for creating a digital signature and a public key
18 to verify the digital signature.
19 "Automated transaction" means a transaction conducted or
20 performed, in whole or in part, by electronic means or
21 electronic records, in which the acts or records of one or
22 both parties are not reviewed by an individual in the
23 ordinary course in forming a contract, performing under an
24 existing contract, or fulfilling an obligation required by
25 the transaction.
26 "Certificate" means a record that at a minimum: (a)
27 identifies the certification authority issuing it; (b) names
28 or otherwise identifies its subscriber or a device or
29 electronic agent under the control of the subscriber; (c)
30 contains a public key that corresponds to a private key under
31 the control of the subscriber; (d) specifies its operational
-2- LRB9206094JSpc
1 period; and (e) is digitally signed by the certification
2 authority issuing it.
3 "Certification authority" means a person who authorizes
4 and causes the issuance of a certificate.
5 "Certification practice statement" is a statement
6 published by a certification authority that specifies the
7 policies or practices that the certification authority
8 employs in issuing, managing, suspending, and revoking
9 certificates and providing access to them.
10 "Computer program" means a set of statements or
11 instructions to be used directly or indirectly in an
12 information processing system in order to bring about a
13 certain result.
14 "Contract" means the total legal obligation resulting
15 from the parties' agreement as affected by this Act and other
16 applicable law.
17 "Correspond", with reference to keys, means to belong to
18 the same key pair.
19 "Digital signature" means a type of electronic signature
20 created by transforming an electronic record using a message
21 digest function and encrypting the resulting transformation
22 with an asymmetric cryptosystem using the signer's private
23 key such that any person having the initial untransformed
24 electronic record, the encrypted transformation, and the
25 signer's corresponding public key can accurately determine
26 whether the transformation was created using the private key
27 that corresponds to the signer's public key and whether the
28 initial electronic record has been altered since the
29 transformation was made. A digital signature is a security
30 procedure.
31 "Electronic" means relating to technology having includes
32 electrical, digital, magnetic, wireless, optical,
33 electromagnetic, or similar any other form of technology that
34 entails capabilities similar to these technologies.
-3- LRB9206094JSpc
1 "Electronic agent" means a computer program or an
2 electronic or other automated means used independently to
3 initiate an action or respond to electronic records or
4 performances in whole or in part, without review or action by
5 an individual.
6 "Electronic record" means a record created, generated,
7 sent, communicated, received, or stored by electronic means
8 for use in an information system or for transmission from one
9 information system to another.
10 "Electronic signature" means an electronic sound, symbol,
11 or process a signature in electronic form attached to or
12 logically associated with a an electronic record and executed
13 or adopted by a person with intent to sign the record.
14 "Information" includes data, text, images, sound, codes,
15 computer programs, software, databases, and the like.
16 "Information processing system" means an electronic
17 system for creating, generating, sending, receiving, storing,
18 displaying, or processing information.
19 "Key pair" means, in an asymmetric cryptosystem, 2
20 mathematically related keys, referred to as a private key and
21 a public key, having the properties that (i) one key (the
22 private key) can encrypt a message that only the other key
23 (the public key) can decrypt, and (ii) even knowing one key
24 (the public key), it is computationally unfeasible to
25 discover the other key (the private key).
26 "Message digest function" means an algorithm that maps or
27 translates the sequence of bits comprising an electronic
28 record into another, generally smaller, set of bits (the
29 message digest) without requiring the use of any secret
30 information such as a key, such that an electronic record
31 yields the same message digest every time the algorithm is
32 executed using such record as input and it is computationally
33 unfeasible that any 2 electronic records can be found or
34 deliberately generated that would produce the same message
-4- LRB9206094JSpc
1 digest using the algorithm unless the 2 records are precisely
2 identical.
3 "Operational period of a certificate" begins on the date
4 and time the certificate is issued by a certification
5 authority (or on a later date and time certain if stated in
6 the certificate) and ends on the date and time it expires as
7 noted in the certificate or is earlier revoked, but does not
8 include any period during which a certificate is suspended.
9 "Person" means an individual, corporation, business
10 trust, estate, trust, partnership, limited partnership,
11 limited liability partnership, limited liability company,
12 association, joint venture, government, governmental
13 subdivision, agency, or instrumentality, or any other legal
14 or commercial entity.
15 "Private key" means the key of a key pair used to create
16 a digital signature.
17 "Public key" means the key of a key pair used to verify a
18 digital signature.
19 "Record" means information that is inscribed, stored, or
20 otherwise fixed on a tangible medium or that is stored in an
21 electronic or other medium and is retrievable in perceivable
22 form.
23 "Repository" means a system for storing and retrieving
24 certificates or other information relevant to certificates,
25 including information relating to the status of a
26 certificate.
27 "Revoke a certificate" means to permanently end the
28 operational period of a certificate from a specified time
29 forward.
30 "Rule of law" means any statute, ordinance, common law
31 rule, court decision, or other rule of law enacted,
32 established or promulgated by the State of Illinois, or any
33 agency, commission, department, court, other authority or
34 political subdivision of the State of Illinois.
-5- LRB9206094JSpc
1 "Security procedure" means a methodology or procedure
2 employed used for the purpose of (1) verifying that an
3 electronic signature, record, or performance is that of a
4 specific person or for (2) detecting changes or errors error
5 or alteration in the information in communication, content,
6 or storage of an electronic record since a specific point in
7 time. The term includes a security procedure that requires
8 may require the use of algorithms or other codes, identifying
9 words or numbers, encryption, or callback answer back or
10 other acknowledgment procedures, or similar security devices.
11 "Signature device" means unique information, such as
12 codes, algorithms, letters, numbers, private keys, or
13 personal identification numbers (PINs), or a uniquely
14 configured physical device, that is required, alone or in
15 conjunction with other information or devices, in order to
16 create an electronic signature attributable to a specific
17 person.
18 "Signed" or "signature" includes any symbol executed or
19 adopted, or any security procedure employed or adopted, using
20 electronic means or otherwise, by or on behalf of a person
21 with intent to authenticate a record.
22 "State" means a State of the United States, the District
23 of Columbia, Puerto Rico, the United States Virgin Islands,
24 or any territory or insular possession subject to the
25 jurisdiction of the United States. The term includes an
26 Indian tribe or band, or Alaskan native village, which is
27 recognized by federal law or formally acknowledged by a
28 State.
29 "State agency" means and includes all officers, boards,
30 commissions, courts, and agencies created by the Illinois
31 Constitution, whether in the executive, legislative or
32 judicial branch, all officers, departments, boards,
33 commissions, agencies, institutions, authorities,
34 universities, bodies politic and corporate of the State; and
-6- LRB9206094JSpc
1 administrative units or corporate outgrowths of the State
2 government which are created by or pursuant to statute, other
3 than units of local government and their officers, school
4 districts and boards of election commissioners; all
5 administrative units and corporate outgrowths of the above
6 and as may be created by executive order of the Governor.
7 "Subscriber" means a person who is the subject named or
8 otherwise identified in a certificate, who controls a private
9 key that corresponds to the public key listed in that
10 certificate, and who is the person to whom digitally signed
11 messages verified by reference to such certificate are to be
12 attributed.
13 "Suspend a certificate" means to temporarily suspend the
14 operational period of a certificate for a specified time
15 period or from a specified time forward.
16 "Transaction" means an action or set of actions occurring
17 between two or more persons relating to the conduct of
18 business, commercial, or governmental affairs.
19 "Trustworthy manner" means through the use of computer
20 hardware, software, and procedures that, in the context in
21 which they are used: (a) can be shown to be reasonably
22 resistant to penetration, compromise, and misuse; (b) provide
23 a reasonable level of reliability and correct operation; (c)
24 are reasonably suited to performing their intended functions
25 or serving their intended purposes; (d) comply with
26 applicable agreements between the parties, if any; and (e)
27 adhere to generally accepted security procedures.
28 "Valid certificate" means a certificate that a
29 certification authority has issued and that the subscriber
30 listed in the certificate has accepted.
31 "Verify a digital signature" means to use the public key
32 listed in a valid certificate, along with the appropriate
33 message digest function and asymmetric cryptosystem, to
34 evaluate a digitally signed electronic record, such that the
-7- LRB9206094JSpc
1 result of the process concludes that the digital signature
2 was created using the private key corresponding to the public
3 key listed in the certificate and the electronic record has
4 not been altered since its digital signature was created.
5 (Source: P.A. 90-759, eff. 7-1-99.)
6 (5 ILCS 175/5-106 new)
7 Sec. 5.106. Scope.
8 (a) Except as otherwise provided in subsection (b), this
9 Act applies to electronic records and electronic signatures
10 relating to a transaction.
11 (b) This Act does not apply to a transaction to the
12 extent it is governed by:
13 (1) a law governing the creation and execution of
14 wills, codicils, or testamentary trusts; and
15 (2) The Uniform Commercial Code other than Sections
16 1-107 and 1-206, Article 2, and Article 2A.
17 (c) This Act applies to an electronic record or
18 electronic signature otherwise excluded from the application
19 of this Act under subsection (b) to the extent it is governed
20 by a law other than those specified in subsection (b).
21 (d) A transaction subject to this Act is also subject to
22 other applicable substantive law.
23 (5 ILCS 175/5-107 new)
24 Sec. 5-107. Prospective application. The changes made
25 by the amendatory Act of the 92nd General Assembly applies to
26 any electronic record or electronic signature created,
27 generated, sent, communicated, received, or stored on or
28 after the effective date of this Act.
29 (5 ILCS 175/5-108 new)
30 Sec. 5-108. Use of electronic records and electronic
31 signatures; variation by agreement.
-8- LRB9206094JSpc
1 (a) This Act does not require a record or signature to
2 be created, generated, sent, communicated, received, stored,
3 or otherwise processed or used by electronic means or in
4 electronic form.
5 (b) This Act applies only to transactions between
6 parties each of which has agreed to conduct transactions by
7 electronic means. Whether the parties agree to conduct a
8 transaction by electronic means is determined from the
9 context and surrounding circumstances, including the parties'
10 conduct.
11 (c) A party that agrees to conduct a transaction by
12 electronic means may refuse to conduct other transactions by
13 electronic means. The right granted by this subsection may
14 not be waived by agreement.
15 (d) Except as otherwise provided in this Act, the effect
16 of any of its provisions may be varied by agreement. The
17 presence in certain provisions of this Act of the words
18 "unless otherwise agreed", or words of similar import, does
19 not imply that the effect of other provisions may not be
20 varied by agreement.
21 (e) Whether an electronic record or electronic signature
22 has legal consequences is determined by this Act and other
23 applicable law.
24 (5 ILCS 175/5-109 new)
25 Sec. 5-109. Construction and application. This Act must
26 be construed and applied:
27 (1) to facilitate electronic transactions consistent with
28 other applicable law;
29 (2) to be consistent with reasonable practices concerning
30 electronic transactions and with the continued expansion of
31 those practices; and
32 (3) to effectuate its general purpose to make uniform the
33 law with respect to the subject of this Act among States
-9- LRB9206094JSpc
1 enacting it.
2 (5 ILCS 175/5-111 new)
3 Sec. 5-111. Legal recognition of electronic records,
4 electronic signatures, and electronic contracts.
5 (a) A record or signature may not be denied legal effect
6 or enforceability solely because it is in electronic form.
7 (b) A contract may not be denied legal effect or
8 enforceability solely because an electronic record was used
9 in its formation.
10 (c) If a law requires a record to be in writing, an
11 electronic record satisfies the law.
12 (d) If a law requires a signature, an electronic
13 signature satisfies the law.
14 (5 ILCS 175/5-112 new)
15 Sec. 5-112. Provision of information in writing;
16 presentation of records.
17 (a) If parties have agreed to conduct a transaction by
18 electronic means and a law requires a person to provide,
19 send, or deliver information in writing to another person,
20 the requirement is satisfied if the information is provided,
21 sent, or delivered, as the case may be, in an electronic
22 record capable of retention by the recipient at the time of
23 receipt. An electronic record is not capable of retention by
24 the recipient if the sender or its information processing
25 system inhibits the ability of the recipient to print or
26 store the electronic record.
27 (b) If a law other than this Act requires a record (i)
28 to be posted or displayed in a certain manner, (ii) to be
29 sent, communicated, or transmitted by a specified method, or
30 (iii) to contain information that is formatted in a certain
31 manner, the following rules apply:
32 (1) The record must be posted or displayed in the
-10- LRB9206094JSpc
1 manner specified in the other law.
2 (2) Except as otherwise provided in subsection
3 (d)(2), the record must be sent, communicated, or
4 transmitted by the method specified in the other law.
5 (3) The record must contain the information
6 formatted in the manner specified in the other law.
7 (c) If a sender inhibits the ability of a recipient to
8 store or print an electronic record, the electronic record is
9 not enforceable against the recipient.
10 (d) The requirements of this Section may not be varied
11 by agreement, but:
12 (1) to the extent a law other than this Act requires
13 information to be provided, sent, or delivered in writing
14 but permits that requirement to be varied by agreement,
15 the requirement under subsection (a) that the information
16 be in the form of an electronic record capable of
17 retention may also be varied by agreement; and
18 (2) a requirement under a law other than this Act to
19 send, communicate, or transmit a record by regular United
20 States mail, may be varied by agreement to the extent
21 permitted by the other law.
22 (5 ILCS 175/5-113 new)
23 Sec. 5-113. Attribution and effect of electronic record
24 and electronic signature.
25 (a) An electronic record or electronic signature is
26 attributable to a person if it was the act of the person.
27 The act of the person may be shown in any manner, including a
28 showing of the efficacy of any security procedure applied to
29 determine the person to which the electronic record or
30 electronic signature was attributable.
31 (b) The effect of an electronic record or electronic
32 signature attributed to a person under subsection (a) is
33 determined from the context and surrounding circumstances at
-11- LRB9206094JSpc
1 the time of its creation, execution, or adoption, including
2 the parties' agreement, if any, and otherwise as provided by
3 law.
4 (5 ILCS 175/5-114 new)
5 Sec. 5-114. Effect of change or error. If a change or
6 error in an electronic record occurs in a transmission
7 between parties to a transaction, the following rules apply:
8 (1) If the parties have agreed to use a security
9 procedure to detect changes or errors and one party has
10 conformed to the procedure, but the other party has not, and
11 the nonconforming party would have detected the change or
12 error had that party also conformed, the conforming party may
13 avoid the effect of the changed or erroneous electronic
14 record.
15 (2) In an automated transaction involving an individual,
16 the individual may avoid the effect of an electronic record
17 that resulted from an error made by the individual in dealing
18 with the electronic agent of another person if the electronic
19 agent did not provide an opportunity for the prevention or
20 correction of the error and, at the time the individual
21 learns of the error, the individual:
22 (A) promptly notifies the other person of the error
23 and that the individual did not intend to be bound by
24 the electronic record received by the other person;
25 (B) takes reasonable steps, including steps that
26 conform to the other person's reasonable instructions, to
27 return to the other person or, if instructed by the other
28 person, to destroy the consideration received, if any, as
29 a result of the erroneous electronic record; and
30 (C) has not used or received any benefit or value
31 from the consideration, if any, received from the other
32 person.
33 (3) If neither paragraph (1) nor paragraph (2) applies,
-12- LRB9206094JSpc
1 the change or error has the effect provided by other law,
2 including the law of mistake, and the parties' contract, if
3 any.
4 (4) Paragraphs (2) and (3) may not be varied by
5 agreement.
6 (5 ILCS 175/5-116 new)
7 Sec. 5-116. Notarization and acknowledgment. If a law
8 requires a signature or record to be notarized, acknowledged,
9 verified, or made under oath, the requirement is satisfied if
10 the electronic signature of the person authorized to perform
11 those acts, together with all other information required to
12 be included by other applicable law, is attached to or
13 logically associated with the signature or record.
14 (5 ILCS 175/5-117 new)
15 Sec. 5-117. Retention of electronic records; originals.
16 (a) If a law requires that a record be retained, the
17 requirement is satisfied by retaining an electronic record of
18 the information in the record which:
19 (1) accurately reflects the information set forth in
20 the record after it was first generated in its final form
21 as an electronic record or otherwise; and
22 (2) remains accessible for later reference.
23 (b) A requirement to retain a record in accordance with
24 subsection (a) does not apply to any information the sole
25 purpose of which is to enable the record to be sent,
26 communicated, or received.
27 (c) A person may satisfy subsection (a) by using the
28 services of another person if the requirements of that
29 subsection are satisfied.
30 (d) If a law requires a record to be presented or
31 retained in its original form, or provides consequences if
32 the record is not presented or retained in its original form,
-13- LRB9206094JSpc
1 that law is satisfied by an electronic record retained in
2 accordance with subsection (a).
3 (e) If a law requires retention of a check, that
4 requirement is satisfied by retention of an electronic record
5 of the information on the front and back of the check in
6 accordance with subsection (a).
7 (f) A record retained as an electronic record in
8 accordance with subsection (a) satisfies a law requiring a
9 person to retain a record for evidentiary, audit, or like
10 purposes, unless a law enacted after the effective date of
11 this Act specifically prohibits the use of an electronic
12 record for the specified purpose.
13 (g) This Section does not preclude a governmental agency
14 of this State from specifying additional requirements for the
15 retention of a record subject to the agency's jurisdiction.
16 (5 ILCS 175/5-118 new)
17 Sec. 5-118. Admissibility in evidence. In a proceeding,
18 evidence of a record or signature may not be excluded solely
19 because it is in electronic form.
20 (5 ILCS 175/5-119 new)
21 Sec. 5-119. Automated transaction. In an automated
22 transaction, the following rules apply:
23 (1) A contract may be formed by the interaction of
24 electronic agents of the parties, even if no individual was
25 aware of or reviewed the electronic agents' actions or the
26 resulting terms and agreements.
27 (2) A contract may be formed by the interaction of an
28 electronic agent and an individual, acting on the
29 individual's own behalf or for another person, including by
30 an interaction in which the individual performs actions that
31 the individual is free to refuse to perform and which the
32 individual knows or has reason to know will cause the
-14- LRB9206094JSpc
1 electronic agent to complete the transaction or performance.
2 (3) The terms of the contract are determined by the
3 substantive law applicable to it.
4 (5 ILCS 175/5-121 new)
5 Sec. 5-121. Time and place of sending and receipt.
6 (a) Unless otherwise agreed between the sender and the
7 recipient, an electronic record is sent when it:
8 (1) is addressed properly or otherwise directed
9 properly to an information processing system that the
10 recipient has designated or uses for the purpose of
11 receiving electronic records or information of the type
12 sent and from which the recipient is able to retrieve the
13 electronic record;
14 (2) is in a form capable of being processed by that
15 system; and
16 (3) enters an information processing system outside
17 the control of the sender or of a person that sent the
18 electronic record on behalf of the sender or enters a
19 region of the information processing system designated or
20 used by the recipient which is under the control of the
21 recipient.
22 (b) Unless otherwise agreed between a sender and the
23 recipient, an electronic record is received when:
24 (1) it enters an information processing system that
25 the recipient has designated or uses for the purpose of
26 receiving electronic records or information of the type
27 sent and from which the recipient is able to retrieve the
28 electronic record; and
29 (2) it is in a form capable of being processed by
30 that system.
31 (c) Subsection (b) applies even if the place the
32 information processing system is located is different from
33 the place the electronic record is deemed to be received
-15- LRB9206094JSpc
1 under subsection (d).
2 (d) Unless otherwise expressly provided in the
3 electronic record or agreed between the sender and the
4 recipient, an electronic record is deemed to be sent from the
5 sender's place of business and to be received at the
6 recipient's place of business. For purposes of this
7 subsection, the following rules apply:
8 (1) If the sender or recipient has more than one
9 place of business, the place of business of that person
10 is the place having the closest relationship to the
11 underlying transaction.
12 (2) If the sender or the recipient does not have a
13 place of business, the place of business is the sender's
14 or recipient's residence, as the case may be.
15 (e) An electronic record is received under subsection
16 (b) even if no individual is aware of its receipt.
17 (f) Receipt of an electronic acknowledgment from an
18 information processing system described in subsection (b)
19 establishes that a record was received but, by itself, does
20 not establish that the content sent corresponds to the
21 content received.
22 (g) If a person is aware that an electronic record
23 purportedly sent under subsection (a), or purportedly
24 received under subsection (b), was not actually sent or
25 received, the legal effect of the sending or receipt is
26 determined by other applicable law. Except to the extent
27 permitted by the other law, the requirements of this
28 subsection may not be varied by agreement.
29 (5 ILCS 175/5-122 new)
30 Sec. 5-122. Transferable records.
31 (a) In this Section, "transferable record" means an
32 electronic record that:
33 (1) would be a note under Article 3 of the Uniform
-16- LRB9206094JSpc
1 Commercial Code or a document under Article 7 of the
2 Uniform Commercial Code if the electronic record were in
3 writing; and
4 (2) the issuer of the electronic record expressly
5 has agreed is a transferable record.
6 (b) A person has control of a transferable record if a
7 system employed for evidencing the transfer of interests in
8 the transferable record reliably establishes that person as
9 the person to which the transferable record was issued or
10 transferred.
11 (c) A system satisfies subsection (b), and a person is
12 deemed to have control of a transferable record, if the
13 transferable record is created, stored, and assigned in such
14 a manner that:
15 (1) a single authoritative copy of the transferable
16 record exists which is unique, identifiable, and, except
17 as otherwise provided in paragraphs (4), (5), and (6),
18 unalterable;
19 (2) the authoritative copy identifies the person
20 asserting control as:
21 (A) the person to which the transferable record
22 was issued; or
23 (B) if the authoritative copy indicates that
24 the transferable record has been transferred, the
25 person to which the transferable record was most
26 recently transferred;
27 (3) the authoritative copy is communicated to and
28 maintained by the person asserting control or its
29 designated custodian;
30 (4) copies or revisions that add or change an
31 identified assignee of the authoritative copy can be made
32 only with the consent of the person asserting control;
33 (5) each copy of the authoritative copy and any copy
34 of a copy is readily identifiable as a copy that is not
-17- LRB9206094JSpc
1 the authoritative copy; and
2 (6) any revision of the authoritative copy is
3 readily identifiable as authorized or unauthorized.
4 (d) Except as otherwise agreed, a person having control
5 of a transferable record is the holder, as defined in Section
6 1-201(20) of the Uniform Commercial Code, of the transferable
7 record and has the same rights and defenses as a holder of an
8 equivalent record or writing under the Uniform Commercial
9 Code, including, if the applicable statutory requirements
10 under Section 3-302(a), 7-501, or 9-308 of the Uniform
11 Commercial Code are satisfied, the rights and defenses of a
12 holder in due course, a holder to which a negotiable document
13 of title has been duly negotiated, or a purchaser,
14 respectively. Delivery, possession, and indorsement are not
15 required to obtain or exercise any of the rights under this
16 subsection.
17 (e) Except as otherwise agreed, an obligor under a
18 transferable record has the same rights and defenses as an
19 equivalent obligor under equivalent records or writings under
20 the Uniform Commercial Code.
21 (f) If requested by a person against which enforcement
22 is sought, the person seeking to enforce the transferable
23 record shall provide reasonable proof that the person is in
24 control of the transferable record. Proof may include access
25 to the authoritative copy of the transferable record and
26 related business records sufficient to review the terms of
27 the transferable record and to establish the identity of the
28 person having control of the transferable record.
29 (5 ILCS 175/5-110 rep.)
30 (5 ILCS 175/5-115 rep.)
31 (5 ILCS 175/5-120 rep.)
32 (5 ILCS 175/5-125 rep.)
33 (5 ILCS 175/5-130 rep.)
-18- LRB9206094JSpc
1 (5 ILCS 175/5-135 rep.)
2 (5 ILCS 175/5-140 rep.)
3 Section 10. The Electronic Commerce Security Act is
4 amended by repealing Sections 5-110, 5-115, 5-120, 5-125,
5 5-130, 5-135, and 5-140.
[ Top ]