45th legislature - STATE OF NEW MEXICO - first session, 2001
RELATING TO ELECTRONIC RECORDS; PROVIDING FOR TECHNOLOGICAL NEUTRALITY; CHANGING DEFINITIONS; PROVIDING BROAD RULE-MAKING AUTHORITY; CHANGING RESPONSIBILITY FOR ELECTRONIC AUTHENTICATION OF DOCUMENTS FROM THE SECRETARY OF STATE TO THE INFORMATION TECHNOLOGY MANAGEMENT OFFICE; AMENDING AND REPEALING SECTIONS OF THE NMSA 1978.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF NEW MEXICO:
Section 1. Section 14-15-2 NMSA 1978 (being Laws 1996, Chapter 11, Section 2, as amended) is amended to read:
"14-15-2. PURPOSE.--The purpose of the Electronic Authentication of Documents Act is to:
A. provide a centralized [public sector electronic
registry for] technical approach to authenticating electronic
documents [by means of a public and private key system];
B. promote electronic commerce by eliminating barriers resulting from uncertainties over signature requirements and promoting the development of the legal and business infrastructure necessary to implement secure electronic commerce;
C. facilitate electronic filing of documents with
government agencies and promote efficient delivery of
government services by means of reliable, secure electronic
records and document transactions; [and]
D. establish a coherent approach to rules and
standards regarding the authentication [and integrity] of
electronic records [that can serve as a model to be adopted by
other states and help to promote uniformity among the various
states]; and
E. promote technological neutrality in electronic authentication."
Section 2. Section 14-15-3 NMSA 1978 (being Laws 1996, Chapter 11, Section 3, as amended) is amended to read:
"14-15-3. DEFINITIONS.--As used in the Electronic Authentication of Documents Act:
[A. "archival listing" means entries in the
register that show public keys that are no longer current;
B.] A. "authenticate" means to ascertain the
identity of the originator, verify the integrity of the
electronic data and establish a link between the data and the
originator;
[C. "certificate" means a record that at a
minimum:
(1) identifies the certification authority
issuing it;
(2) names or otherwise identifies its
subscriber or the device or electronic agent under the control
of the subscriber;
(3) contains a public key under the control
of the subscriber;
(4) specifies the public key's operational
period; and
(5) is signed with a digital signature by the
certification authority issuing it;
D. "digital signature" means a type of electronic
signature created by transforming an electronic record using a
message digest function and encrypting the resulting
transformation with an asymmetric cryptosystem using the
signer's private key so that any person having the initial
untransformed electronic record, the encrypted transformation
and the signer's corresponding public key can accurately
determine whether the transformation was created using the
private key that corresponds to the signer's public key and
whether the initial electronic record has been altered since
the transformation was made;
E.] B. "document" means [any] an identifiable
collection of words, letters or graphical knowledge
representations, regardless of the mode of representation.
"Document" includes correspondence, agreements, invoices,
reports, certifications, maps, drawings and images in both
electronic and hard copy formats;
[F.] C. "electronic authentication" means the
electronic signing of a document that establishes a verifiable
link between the originator of a document and the document by
means of optical, electrical, digital, magnetic,
electromagnetic, wireless, biological, a public key and
private key system or other technology providing similar
capabilities;
[G. "key pair" means, in a public and private key
system, a private key and its corresponding public key that
can verify an electronic authentication created by the private
key;
H. "message digest function" means an algorithm
that maps or translates the sequence of bits comprising an
electronic record into another generally smaller set of bits,
referred to as the message digest, without requiring the use
of any secret information, such as a key, and with the result
that an electronic record yields that same message digest
every time the algorithm is executed using the electronic
record as input and it is computationally unfeasible for two
electronic records to be found or deliberately generated to
produce the same message digest using the algorithm unless the
two records are precisely identical;
I.] D. "office" means the [office of electronic
documentation] information technology management office;
[J.] E. "originator" means the person who signs a
document electronically;
[K.] F. "person" means [any] an individual or
entity, including:
(1) an estate, trust, receiver, cooperative association, club, corporation, company, firm, partnership, joint venture or syndicate; and
(2) any federal, state or local governmental unit or subdivision or any agency, department or instrumentality thereof;
[L. "private key" means the code or alphanumeric
sequence used to encode an electronic authentication that is
known only to its owner and that is the part of a key pair
used to create a digital signature;
M. "public key" means the code or alphanumeric
sequence used to decode an electronic authentication and that
is the part of a key pair used to verify a digital signature;
N. "public and private key system" means the
hardware, software and firmware provided by a vendor for the
following purposes:
(1) to generate public and private key
pairs;
(2) to produce a record abstraction by means
of a message digest function;
(3) to encode a signature block and a record
abstraction or an entire document;
(4) to decode a signature block and a record
abstraction or an entire document; and
(5) to verify the integrity of a document;
O. "register" means a system for storing and
retrieving certificates or information relevant to
certificates, including information relating to the status of
a certificate;
P. "revocation" means the act of notifying the
secretary that a public key has ceased or will cease to be
effective after a specified time and date;
Q. "secretary" means the secretary of state;
R.] G. "signed" or "signature" means [any] a
symbol executed or adopted or [any] a security procedure
employed or adopted using electronic means or otherwise, by
or on behalf of a person with the intent to authenticate a
record; and
H. "technological neutrality" means the methods selected to carry out electronic authentication that do not require or accord greater legal status or effect to the implementation or application of a specific technology or technical specification for performing the functions of creating, storing, generating, receiving, communicating or authenticating electronic records or electronic signatures."
Section 3. Section 14-15-5 NMSA 1978 (being Laws 1996, Chapter 11, Section 5) is amended to read:
"14-15-5. [REGULATIONS] RULES.--
A. The [secretary] information technology
commission shall adopt [regulations] rules and standards to
accomplish the purposes of the Electronic Authentication of
Documents Act.
B. The [regulations] rules shall address [the
following matters:
(1) registration of public keys;
(2) revocation of public keys; and
(3) reasonable public access to the public
keys maintained by the office.
C. The regulations may address the following
matters:
(1) circumstances under which the office
may reject an application for registration of a public key;
(2) circumstances under which the office
may cancel the listing of a public key; and
(3) circumstances under which the office
may reject an attempt to revoke registration of a public
key] circumstances under which standards other than adopted
standards may be used."
Section 4. Section 14-15-6 NMSA 1978 (being Laws 1996, Chapter 11, Section 6) is amended to read:
"14-15-6. CONTRACTING SERVICES.--The [secretary]
office may contract with a private, public or quasi-public
organization for the provision of services under the
Electronic Authentication of Documents Act. A contract for
services shall comply with [regulations] rules adopted
pursuant to the Electronic Authentication of Documents Act
and the provisions of the Public Records Act and the
Procurement Code."
Section 5. REPEAL.--Section 14-15-4 NMSA 1978 (being Laws 1996, Chapter 11, Section 4) is repealed.
Section 6. EFFECTIVE DATE.--The effective date of the provisions of this act is July 1, 2001.