AN ACT TO AMEND TITLE 11 OF THE DELAWARE CODE RELATING TO ELECTRONIC TECHNOLOGY.
BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF DELAWARE:
(Two-thirds of all members elected to each house thereof concurring therein):
Section 1. Amend §861, Title 11 of the Delaware Code by inserting "or asymmetrically encrypted electronic record" immediately after "written instrument" wherever it appears therein.
Section 2. Amend §862(1), Title 11 of the Delaware Code by inserting "or asymmetrically encrypted electronic records" between "instruments" and "; or".
Section 3. Amend §863, Title 11 of the Delaware Code by designating the present text as subsection(a) and by adding a new subsection to read:
"(b) 'Asymmetrically encrypted electronic record' means a record created, stored, generated, received, or communicated by electronic means.
(c) Other definitions relating to electronic records and communications are in §931 of this title.".
Section 4. Amend §873, Title 11 of the Delaware Code by inserting between "written instrument" and "filed" the following:
"or any electronic record".
Section 5. Amend §876, Title 11 of the Delaware Code by inserting between "written instrument" and "filed" the following:
"or any electronic record".
Section 6. Amend §877, Title 11 of the Delaware Code by inserting between "written instrument" and "contains" the following:
"or electronic record".
Section 7. Amend §878, Title 11 of the Delaware Code by inserting between "written instruments"
and ", and" the following:
"or electronic records".
Section 8. Amend §878, Title 11 of the Delaware Code by striking "such an instrument" and by substituting in lieu thereof:
"an official certificate, written instrument, or electronic record".
Section 9. Amend §906, Title 11 of the Delaware Code by striking "or" at the end of §906(6); and by striking the period (".") at the end of §906(7) and by substituting in lieu thereof the following:
"; or
(8) While acting as a certification authority, issues a certificate with the intention that the certificate will be relied upon by a third party to verify a digital signature issued to a subscriber of the certification authority, and fails to make available to the subscriber or to a third party relying on the certificate (i) the certification authority's certification practice statement, if one is applicable, and (ii) a statement that identifies the certification authority as a certification authority and that contains the public key corresponding to the private key issued to the subscriber by the certification authority.".
Section 10. Amend §907, Title 11 of the Delaware Code by striking the period (".") at the end of §907(3) and by substituting in lieu thereof the following:
"; or
(4) Uses a signature device without authorization and with the intent to deceive or mislead another person into believing that the person rightfully owns or is authorized to use the device.".
Section 11. Amend §931, Title 11 of the Delaware Code by striking the word "subpart" where it appears as the fifth word in the text of §931 and by substituting in lieu thereof the word "subchapter".
Section 12. Amend §931, Title 11 of the Delaware Code by adding thereto the following:
"(18) 'Asymmetric cryptosystem' means a computer-based system capable of generating and using a key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature.
(19) 'Certificate' means a record that at a minimum: (i) identifies the certification authority issuing it; (ii) names or otherwise identifies its subscriber, or a device or electronic agent under the control of the subscriber; (iii) contains a public key that corresponds to a private key under the control of the subscriber; (iv) specifies its operational period; and (v) is digitally signed by the certification authority issuing it.
(20) 'Certification authority' means a person who authorizes and causes the issuance of a certificate.
(21) 'Certification practice statement' means a statement published by a certification authority that specifies the policies or practices that the certification authority employs in issuing, managing, suspending, and revoking certificates and in providing access to them.
(22) 'Digital signature' means a type of electronic signature created by transforming an electronic record using a message digest function and by encrypting the resulting transformation with an asymmetric cryptosystem using the signer’s private key such that any person having the initial untransformed electronic record, the encrypted transformation, and the signer’s corresponding public key can accurately determine whether the transformation was created using the private key that corresponds to the signer’s public key and whether the initial electronic record has been altered since the transformation was made. A digital signature is a security procedure.
(23) 'Electronic' includes electrical, digital, magnetic, optical, electromagnetic, or any other form of technology that entails capabilities similar to these technologies.
(24) 'Electronic record' means a record created, stored, generated, received, or communicated by electronic means for use in an information system or for transmission from one information system to another. Electronic record includes computer-generated data records created for internal record keeping purposes.
(25) 'Electronic signature' means a signature in electronic form, attached to or logically associated with an electronic record.
(26) 'Key pair' means, in an asymmetric cryptosystem, two mathematically related keys, referred to as a private key and a public key. The private key can encrypt a message which only the public key can decrypt, and, even knowing the public key, it is computationally infeasible to discover the private key.
(27) 'Private key' means the key of a key pair used to create a digital signature.
(28) 'Public key' means the key of a key pair used to verify a digital signature.
(29) 'Message digest function' means an algorithm that maps or translates the sequence of bits comprising an electronic record into another, generally smaller, set of bits (the message digest), without requiring the use of any secret information such as a key, such that an electronic record yields the same message digest every time the algorithm is executed using the electronic record as input and it is computationally infeasible that any two electronic records can be found or deliberately generated that would produce the same message digest using the algorithm unless the two records are precisely identical.
(30) 'Record' means information that is inscribed, stored, or otherwise fixed on a tangible medium or that is stored in an electronic or other medium and is retrievable in readable form. 'Record' includes traditional paper documents such as letters and contracts, as well as e-mail messages, formatted electronic data interchange (EDI) messages, photographs printed on paper or stored as computer records, and sound recordings stored on tape or as computer files.
(31) 'Security procedure' means a methodology or procedure, established by law or regulation, or established by agreement, or knowingly adopted by each party, used for the purpose of (i) verifying that an electronic signature or record is that of a specific person or (ii) detecting changes or errors in the communication, content, or storage of an electronic record since a specific point in time. A security procedure may require the use of algorithms or codes, identifying words or numbers, encryption, answer back or acknowledgment procedures, or similar security devices that are reasonable under the circumstances.
(32) 'Signature device' means unique information, such as codes, algorithms, letters, numbers, private keys, or personal identification numbers (PINs), or a uniquely configured physical device, that is required, alone or in conjunction with other information or devices, to create an electronic signature attributable to a specific person.
(33) 'Signed' or 'signature' includes any symbol executed or adopted, or any security procedure employed or adopted, using electronic means or otherwise, by or on behalf of a person with intent to authenticate a record.
(34) 'Valid certificate' means a certificate that a certification authority has issued, and that has been accepted by the subscriber listed in the certificate.
(33) 'Verify a digital signature' means to use the public key listed in a valid certificate, along with the appropriate message digest function and asymmetric cryptosystem, to evaluate a digitally signed electronic record, such that the result of the process concludes that the digital signature was created using the private key corresponding to the public key listed in the certificate and that the electronic record has not been altered since its digital signature was created.".
Section 13. Amend Title 11 of the Delaware Code by adding thereto a new section to read:
"§932A. Unauthorized use of a signature device.
(a) A person is guilty of the crime of unauthorized use of a signature device
(1) when the person knowingly or intentionally accesses, copies, or otherwise obtains possession of, or recreates the signature device of another person without authorization for the purpose of creating, or allowing or causing another person to create, an unauthorized electronic signature; or
(2) when the person knowingly or intentionally alters, discloses, or uses the signature device of another person without authorization, or in excess of lawful authorization, for the purpose of creating, or allowing or causing another person to create, an unauthorized electronic signature.".
Section 14. Amend §939(f), Title 11 of the Delaware Code by striking "property services" as it appears in the first sentence thereof and by substituting in lieu thereof "property, services,".
This bill updates the criminal code (Title 11) in areas such as forgery, deceptive trade practices, and computer-related offenses that correlate to the provisions of the Electronic Transactions Act. It also creates a new crime: Unauthorized use of a signature device.
The penalty section for this crime is 11 Del. C. §939, which contains the penalties for offenses in §§932-938 of Title 11.